Technical Report
Following the installation of the new mail server carried out by Engineer Ricardo
Ortega, the following points have been implemented within the company to complete the
security configuration process.
The server will be the only machine that uses port 25 (smtp), in addition to the
http, https, smtps, pop3s and imaps protocols.
Message 1
From jsuarez@adfolsa.com.ec Thu Oct 03 19:33:34 2013
victim@smtp.example,
victim@smtp.example
Delivery-date: Thu, 03 Oct 2013 19:33:34 -0400
Received: from [186.5.101.118] (helo=mail.adfolsa.com.ec)
by mail.victim.example with esmtp (Exim 4.63)
(envelope-from <jsuarez@adfolsa.com.ec>)
id 1VRsOk-0007ev-6q; Thu, 03 Oct 2013 19:33:34 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.adfolsa.com.ec (Postfix) with ESMTP id 44E772328917;
Thu, 3 Oct 2013 18:44:19 -0500 (ECT)
Received: from mail.adfolsa.com.ec ([127.0.0.1])
by localhost (mail.adfolsa.com.ec [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id NMrqG33-FIGv; Thu, 3 Oct 2013 18:44:18 -0500 (ECT)
Received: from mail.adfolsa.com.ec (mail.adfolsa.com.ec [192.168.0.250])
by mail.adfolsa.com.ec (Postfix) with ESMTP id 249E92328157;
Thu, 3 Oct 2013 18:44:09 -0500 (ECT)
Date: Thu, 3 Oct 2013 18:44:09 -0500 (ECT)
From: "Sen. Ehigie Edobor" <jsuarez@adfolsa.com.ec>
Reply-To: "Sen. Ehigie Edobor" <senehigieedobor@globomail.com>
Subject: Attention: Sir/Madam...1
MIME-Version: 1.0
To: undisclosed-recipients:;
--=20
Dear Beneficiary,
Following this year's (2013) review of the global financial matters and jus=
t concluded investigations today by the Federal Bureau of Investigation in =
conjunction with the EFCC, in view of the foregoing, a new payment of Eight=
Million Five Hundred Thousand Dollars Only has been approved in your favor=
and credited into an ATM CARD which shall be delivered to you.
Our final conclusion was that, the fund should be paid to you via an automa=
ted teller machine card (ATM) as it seems, this will be easier and faster f=
or you to receive payment.
Your new communication code: NG/.CCUF -HFCR-/RLPHJ/.
Thank you for your anticipated cooperation and we are looking forward to he=
aring from you. Please confirm the follows:
1. Full Names:
2. Residence address:
3. Telephone/Fax number:
4. Age:
5. Next of Kin
6. Country of Residence
7. A copy of your driver=E2=80=99s license / international passport:
Regards,
Sen. Ehigie Edobor.
Swift Debit ATM Card Payment System
Senate Committee on Banking, Finance and Payments
Message 2
From jsuarez@adfolsa.com.ec Thu Oct 03 19:37:46 2013
victim@smtp.example,
victim@smtp.example
Delivery-date: Thu, 03 Oct 2013 19:37:46 -0400
Received: from [186.5.101.118] (helo=mail.adfolsa.com.ec)
by mail.victim.example with esmtp (Exim 4.63)
(envelope-from <jsuarez@adfolsa.com.ec>)
id 1VRsSo-0000oL-Qn; Thu, 03 Oct 2013 19:37:46 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.adfolsa.com.ec (Postfix) with ESMTP id 1D7182328A23;
Thu, 3 Oct 2013 18:48:32 -0500 (ECT)
Received: from mail.adfolsa.com.ec ([127.0.0.1])
by localhost (mail.adfolsa.com.ec [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id U2HLf8IT1zdx; Thu, 3 Oct 2013 18:48:31 -0500 (ECT)
Received: from mail.adfolsa.com.ec (mail.adfolsa.com.ec [192.168.0.250])
by mail.adfolsa.com.ec (Postfix) with ESMTP id 41AB02328157;
Thu, 3 Oct 2013 18:48:26 -0500 (ECT)
Date: Thu, 3 Oct 2013 18:48:26 -0500 (ECT)
From: "Sen. Ehigie Edobor" <jsuarez@adfolsa.com.ec>
Reply-To: "Sen. Ehigie Edobor" <senehigieedobor@globomail.com>
Subject: REPLY.
MIME-Version: 1.0
To: undisclosed-recipients:;
--=20
Dear Beneficiary,
Following this year's (2013) review of the global financial matters and jus=
t concluded investigations today by the Federal Bureau of Investigation in =
conjunction with the EFCC, in view of the foregoing, a new payment of Eight=
Million Five Hundred Thousand Dollars Only has been approved in your favor=
and credited into an ATM CARD which shall be delivered to you.
Our final conclusion was that, the fund should be paid to you via an automa=
ted teller machine card (ATM) as it seems, this will be easier and faster f=
or you to receive payment.
Your new communication code: NG/.CCUF -HFCR-/RLPHJ/.
Thank you for your anticipated cooperation and we are looking forward to he=
aring from you. Please confirm the follows:
1. Full Names:
2. Residence address:
3. Telephone/Fax number:
4. Age:
5. Next of Kin
6. Country of Residence
7. A copy of your driver=E2=80=99s license / international passport:
Regards,
Sen. Ehigie Edobor.
Swift Debit ATM Card Payment System
Senate Committee on Banking, Finance and Payments
Message 3
From jsuarez@adfolsa.com.ec Thu Oct 03 19:58:08 2013
Delivery-date: Thu, 03 Oct 2013 19:58:08 -0400
Received: from [186.5.101.118] (helo=mail.adfolsa.com.ec)
by mail.victim.example with esmtp (Exim 4.63)
(envelope-from <jsuarez@adfolsa.com.ec>)
id 1VRsmW-00084d-0H
for victim@smtp.example; Thu, 03 Oct 2013 19:58:08 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.adfolsa.com.ec (Postfix) with ESMTP id C860C2328A1A;
Thu, 3 Oct 2013 19:08:52 -0500 (ECT)
Received: from mail.adfolsa.com.ec ([127.0.0.1])
by localhost (mail.adfolsa.com.ec [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id vTttrHs7qDf6; Thu, 3 Oct 2013 19:08:52 -0500 (ECT)
Received: from mail.adfolsa.com.ec (mail.adfolsa.com.ec [192.168.0.250])
by mail.adfolsa.com.ec (Postfix) with ESMTP id AFDDE2328157;
Thu, 3 Oct 2013 19:08:49 -0500 (ECT)
Date: Thu, 3 Oct 2013 19:08:49 -0500 (ECT)
From: "Sen. Ehigie Edobor" <jsuarez@adfolsa.com.ec>
Reply-To: "Sen. Ehigie Edobor" <senehigieedobor@globomail.com>
Subject: Attention: Sir/Madam...
MIME-Version: 1.0
To: undisclosed-recipients:;
--=20
Dear Beneficiary,
Following this year's (2013) review of the global financial matters and jus=
Message 4
From jsuarez@adfolsa.com.ec Thu Oct 03 20:08:57 2013
Delivery-date: Thu, 03 Oct 2013 20:08:57 -0400
Received: from [186.5.101.118] (helo=mail.adfolsa.com.ec)
by mail.victim.example with esmtp (Exim 4.63)
(envelope-from <jsuarez@adfolsa.com.ec>)
id 1VRswz-0003jQ-Cw
for victim@smtp.example; Thu, 03 Oct 2013 20:08:57 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.adfolsa.com.ec (Postfix) with ESMTP id BB5652328B2E;
Thu, 3 Oct 2013 19:19:43 -0500 (ECT)
Received: from mail.adfolsa.com.ec ([127.0.0.1])
by localhost (mail.adfolsa.com.ec [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id M0IdBkORiHww; Thu, 3 Oct 2013 19:19:43 -0500 (ECT)
Received: from mail.adfolsa.com.ec (mail.adfolsa.com.ec [192.168.0.250])
by mail.adfolsa.com.ec (Postfix) with ESMTP id D0BDC2328157;
Thu, 3 Oct 2013 19:19:40 -0500 (ECT)
Date: Thu, 3 Oct 2013 19:19:40 -0500 (ECT)
From: "Sen. Ehigie Edobor" <jsuarez@adfolsa.com.ec>
Reply-To: "Sen. Ehigie Edobor" <senehigieedobor@globomail.com>
Subject: Attention: Sir/Madam...
MIME-Version: 1.0
To: undisclosed-recipients:;
--=20
Dear Beneficiary,
Following this year's (2013) review of the global financial matters and jus=
t concluded investigations today by the Federal Bureau of Investigation in =
conjunction with the EFCC, in view of the foregoing, a new payment of Eight=
Million Five Hundred Thousand Dollars Only has been approved in your favor=
and credited into an ATM CARD which shall be delivered to you.
Our final conclusion was that, the fund should be paid to you via an automa=
ted teller machine card (ATM) as it seems, this will be easier and faster f=
or you to receive payment.
Your new communication code: NG/.CCUF -HFCR-/RLPHJ/.
Thank you for your anticipated cooperation and we are looking forward to he=
aring from you. Please confirm the follows:
1. Full Names:
2. Residence address:
3. Telephone/Fax number:
4. Age:
5. Next of Kin
6. Country of Residence
7. A copy of your driver=E2=80=99s license / international passport:
Regards,
Sen. Ehigie Edobor.
Swift Debit ATM Card Payment System
Senate Committee on Banking, Finance and Payments
7.
The Internet service provider sent us a notice informing us of the conflict involving
the IP address of the machine that acts as the mail server and the domain it handles,
mail.adfolsa.com.ec
Attached is the message from TELCONET
SPAMMER IP NOTIFICATION
FOR IAC 10 VER 09 11 09
Dear customer:
I inform you that the IP 186.5.101.118 assigned to MATERIALES AUTOADHESIVOS S.A.
ADFOLSA is listed in RBLs as a generator of SPAM; we therefore request your
justification for the use of TCP port 25 (SMTP) and the anti-spam measures that are in use.
The maximum period granted by the Logical Security Department for this incident is 2
business days; after that, forwarding of traffic on that port will be blocked.
I await your prompt response; thank you for your attention to this matter.
Sincerely,
Miguel Vaca
Engineer - IAC
Tel. (593)-2-3963100 ext. 4513
Cel. (593)-8-7591604
Av. 12 de Octubre N24-660 y Francisco Salazar, Quito - Ecuador
www.telconet.net
Dear Customer,
As I had mentioned, the block has not yet been applied; however, I see that the IP is
listed on several sites around the world.
From the list shown below, please just disregard l2.apews.org.
PSBL
This interface allows you to find out whether an IP address is/was listed in the PSBL and why. For every IP address that is/was
listed, the site will show you the time(s) a spamtrap received email from said IP address, as well as the time(s) the IP address was
Query Results
Received spamtrap mail for 186.5.101.118. Note that spamtrap addresses, URLs and some headers have been munged to prevent
listwashing. If you think this is not spam, please contact me at psbl(at)surriel(dot)com so future listings can be prevented.
Yes, this email really came from 186.5.101.118.
If this does not have the kind of Received: line your mail server creates, chances are you have a PC infected with spamware. Is
186.5.101.118 also your firewall?
186.5.101.118
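The PSBL hint above (whether a message carries the kind of Received: line your own mail server creates) can be checked mechanically. The following is an added example, not part of the original report: it walks the Received chain of a constructed sample modelled on the quoted messages and also flags the From/Reply-To domain mismatch and hidden recipient list seen in them. The names `triage` and `own_mta` and the placeholder queue ids are assumptions.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

# Constructed sample modelled on the messages quoted above; queue ids are placeholders.
VIA_SERVER = """\
Received: from [186.5.101.118] (helo=mail.adfolsa.com.ec)
\tby mail.victim.example with esmtp (Exim 4.63)
\tid PLACEHOLDER-1; Thu, 03 Oct 2013 19:33:34 -0400
Received: from localhost (localhost.localdomain [127.0.0.1])
\tby mail.adfolsa.com.ec (Postfix) with ESMTP id PLACEHOLDER2;
\tThu, 3 Oct 2013 18:44:19 -0500 (ECT)
Received: from mail.adfolsa.com.ec (mail.adfolsa.com.ec [192.168.0.250])
\tby mail.adfolsa.com.ec (Postfix) with ESMTP id PLACEHOLDER3;
\tThu, 3 Oct 2013 18:44:09 -0500 (ECT)
From: "Sen. Ehigie Edobor" <jsuarez@adfolsa.com.ec>
Reply-To: "Sen. Ehigie Edobor" <senehigieedobor@globomail.com>
To: undisclosed-recipients:;

Dear Beneficiary,
"""
# Constructed contrast case: only the receiving host's hop, as a direct-to-MX sender leaves.
DIRECT = VIA_SERVER.split("Received: from localhost")[0] + "From: <user@adfolsa.com.ec>\n\nbody\n"

FROM_IP = re.compile(r"from\s.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)
BY_HOST = re.compile(r"\bby\s+(\S+)")

def triage(raw, own_mta="mail.adfolsa.com.ec"):
    """Summarise where a message claims to originate and which spam traits it shows."""
    msg = email.message_from_string(raw)
    hops = msg.get_all("Received", [])        # newest hop first
    by_hosts = [m.group(1) for h in hops if (m := BY_HOST.search(h))]
    first = FROM_IP.search(hops[-1]) if hops else None   # oldest hop = claimed origin
    ip = first.group(1) if first else None
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    return {
        "origin_ip": ip,
        "origin_internal": bool(ip) and ipaddress.ip_address(ip).is_private,
        "own_mta_hops": by_hosts.count(own_mta),   # 0 means the server was bypassed
        "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom,
        "hidden_recipients": "undisclosed-recipients" in msg.get("To", "").lower(),
    }
```

Hops below the receiving host's own Received line are written by the sending side and can be forged, so confirm their queue ids against the server's mail log before drawing conclusions.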
At present we are still finding sites that block messages from the domain
mail.adfolsa.com, which is why it is recommended to continue monitoring the
Zimbra service for at least 1 more month, in order to protect ourselves from any problem
that may arise.
Sincerely,
Jaime Chávez
Monitoring and Support