Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

"Never give in. Never give in. Never. Never. Never." -- Winston Churchill

computers / alt.comp.os.windows-10 / Message header query. Can you help me to understand, please?

SubjectAuthor
* Message header query. Can you help me to understand, please?David Brooks
+* Re: Message header query. Can you help me to understand, please?VanguardLH
|`- Re: Message header query. Can you help me to understand, please?David Brooks
`* Re: Message header query. Can you help me to understand, please?Paul
 `* Re: Message header query. Can you help me to understand, please?David Brooks
  `- Re: Message header query. Can you help me to understand, please?Paul

1
Message header query. Can you help me to understand, please?

<Q%zKM.162975$uEkc.98935@fx35.iad>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=73300&group=alt.comp.os.windows-10#73300

  copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!weretis.net!feeder6.news.weretis.net!panix!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer03.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx35.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Newsgroups: alt.comp.os.windows-10
Content-Language: en-GB
From: BDB...@invalid.invalid.uk (David Brooks)
Subject: Message header query. Can you help me to understand, please?
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 37
Message-ID: <Q%zKM.162975$uEkc.98935@fx35.iad>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Fri, 08 Sep 2023 07:25:36 UTC
Organization: blocknews - www.blocknews.net
Date: Fri, 8 Sep 2023 08:25:36 +0100
X-Received-Bytes: 1959
 by: David Brooks - Fri, 8 Sep 2023 07:25 UTC

This post refers: http://al.howardknight.net/?ID=169407187300

=

X-Received: by 2002:a37:66d0:0:b0:6a3:6e94:7794 with SMTP id
a199-20020a3766d0000000b006a36e947794mr5782903qkc.526.1653314753859;
Mon, 23 May 2022 07:05:53 -0700 (PDT)
X-Received: by 2002:a9d:5c11:0:b0:60a:fa23:6669 with SMTP id
o17-20020a9d5c11000000b0060afa236669mr5005063otk.366.1653314753511;
Mon, 23
May 2022 07:05:53 -0700 (PDT)
Path:
....!news.mixmin.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: alt.computer.workshop
Date: Mon, 23 May 2022 07:05:53 -0700 (PDT)
Injection-Info: google-groups.googlegroups.com;
posting-host=2603:6080:5501:a86:45c9:7239:7906:e4af;
posting-account=Nxyp_AoAAACGtpU0VyRJoCwoVcxIzSbD
NNTP-Posting-Host: 2603:6080:5501:a86:45c9:7239:7906:e4af
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <d8ad2fa1-7820-4c79-9018-3843a562def8n@googlegroups.com>
Subject: Clam XAV on my brand new Mac
Injection-Date: Mon, 23 May 2022 14:05:53 +0000
Content-Type: text/plain; charset="UTF-8"
Bytes: 1238
Lines: 2

=

I can't quite work out the path which was actually taken by this post
for it to get to my computer. It's not 'normal'!

Your help would be appreciated. Thanks.

--
David

Re: Message header query. Can you help me to understand, please?

<amvtkx85j2tw$.dlg@v.nguard.lh>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=73301&group=alt.comp.os.windows-10#73301

  copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!weretis.net!feeder8.news.weretis.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: V...@nguard.LH (VanguardLH)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Message header query. Can you help me to understand, please?
Date: Fri, 8 Sep 2023 03:06:00 -0500
Organization: Usenet Elder
Lines: 41
Sender: V@nguard.LH
Message-ID: <amvtkx85j2tw$.dlg@v.nguard.lh>
References: <Q%zKM.162975$uEkc.98935@fx35.iad>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Trace: individual.net ru1PdEUhgrS33zGaAh5Lhgm09IDfy/Ut1skdr0gZaZfd7/aODQ
Keywords: VanguardLH,VLH
Cancel-Lock: sha1:X2Ar9hNRmsLgPNuSQn5joInJ3I4= sha256:+Z5g4hE/sqT4XZ+uCPQWeg4+zm6XKfhR4EuwrIb23Rc=
User-Agent: 40tude_Dialog/2.0.15.41
 by: VanguardLH - Fri, 8 Sep 2023 08:06 UTC

David Brooks <BDB@invalid.invalid.uk> wrote:

And the nymshifter nymshifts again. Updated my Brooks filter.

> This post refers: http://al.howardknight.net/?ID=169407187300
>
> =
>
> Path: ...!news.mixmin.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
>
> =
>
> I can't quite work out the path which was actually taken by this post
> for it to get to my computer. It's not 'normal'!
>
> Your help would be appreciated. Thanks.

What you can't figure out you did not mention.

Howard Knight does NOT show the full path, especially to themself. They
are not interested in divulging just where is their client node
receiving the peered article perhaps because it changes or they operate
an NNTP farm. HK is operating an archive, not telling you their
position in a peering relationship. This is something you realize after
using HK for a few a while. HK used to have a search function, but that
was removed back in 2019, so now you must know the MID for the archived
article. HK moved to a different server, and change the server-side
scripting (from Perl to PHP).

It's really that tough to figure out the injection node was at Google?
The right-token in the MID header confirms it, too, as well as G2 for
the User-Agent header.

Although I filter out all posts where the injection node shows the post
originated from mixmin (aka the "sewer" which THEY have actually called
themself in the PATH header), I don't filter out articles peered through
them; i.e., injection node (source) is not mixmin, but from somewhere
else that peered through mixmin.

So, just WHAT couldn't you figure out? You'll need to hope someone else
responds since I filter out nymshifters, like you.

Re: Message header query. Can you help me to understand, please?

<GWMKM.716755$xMqa.535488@fx12.iad>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=73310&group=alt.comp.os.windows-10#73310

  copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx12.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Message header query. Can you help me to understand, please?
Content-Language: en-GB
Newsgroups: alt.comp.os.windows-10
References: <Q%zKM.162975$uEkc.98935@fx35.iad> <amvtkx85j2tw$.dlg@v.nguard.lh>
From: BDB...@invalid.invalid.uk (David Brooks)
In-Reply-To: <amvtkx85j2tw$.dlg@v.nguard.lh>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 48
Message-ID: <GWMKM.716755$xMqa.535488@fx12.iad>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Fri, 08 Sep 2023 22:07:34 UTC
Organization: blocknews - www.blocknews.net
Date: Fri, 8 Sep 2023 23:07:34 +0100
X-Received-Bytes: 2747
 by: David Brooks - Fri, 8 Sep 2023 22:07 UTC

On 08/09/2023 09:06, VanguardLH wrote:
> David Brooks <BDB@invalid.invalid.uk> wrote:
>
> And the nymshifter nymshifts again. Updated my Brooks filter.
>
>> This post refers: http://al.howardknight.net/?ID=169407187300
>>
>> =
>>
>> Path: ...!news.mixmin.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
>>
>> =
>>
>> I can't quite work out the path which was actually taken by this post
>> for it to get to my computer. It's not 'normal'!
>>
>> Your help would be appreciated. Thanks.
>
> What you can't figure out you did not mention.
>
> Howard Knight does NOT show the full path, especially to themself. They
> are not interested in divulging just where is their client node
> receiving the peered article perhaps because it changes or they operate
> an NNTP farm. HK is operating an archive, not telling you their
> position in a peering relationship. This is something you realize after
> using HK for a few a while. HK used to have a search function, but that
> was removed back in 2019, so now you must know the MID for the archived
> article. HK moved to a different server, and change the server-side
> scripting (from Perl to PHP).
>
> It's really that tough to figure out the injection node was at Google?
> The right-token in the MID header confirms it, too, as well as G2 for
> the User-Agent header.
>
> Although I filter out all posts where the injection node shows the post
> originated from mixmin (aka the "sewer" which THEY have actually called
> themself in the PATH header), I don't filter out articles peered through
> them; i.e., injection node (source) is not mixmin, but from somewhere
> else that peered through mixmin.
>
> So, just WHAT couldn't you figure out? You'll need to hope someone else
> responds since I filter out nymshifters, like you.

Thank you for your kind and helpful words, VLH! :-D

--
David

Re: Message header query. Can you help me to understand, please?

<udi71d$5363$1@dont-email.me>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=73317&group=alt.comp.os.windows-10#73317

  copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: nos...@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Message header query. Can you help me to understand, please?
Date: Sat, 9 Sep 2023 12:38:03 -0400
Organization: A noiseless patient Spider
Lines: 38
Message-ID: <udi71d$5363$1@dont-email.me>
References: <Q%zKM.162975$uEkc.98935@fx35.iad>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sat, 9 Sep 2023 16:38:05 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="cd66d5844cdb0d3403284065d8cb4f35";
logging-data="167107"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/wW4SGCrUdAymlBL+0Un4rRs9/aK3HEts="
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
Cancel-Lock: sha1:9uzidVShfVpbueCQc9G1IB/uhxM=
Content-Language: en-US
In-Reply-To: <Q%zKM.162975$uEkc.98935@fx35.iad>
 by: Paul - Sat, 9 Sep 2023 16:38 UTC

On 9/8/2023 3:25 AM, David Brooks wrote:
> This post refers: http://al.howardknight.net/?ID=169407187300
>
> =
>
> X-Received: by 2002:a37:66d0:0:b0:6a3:6e94:7794 with SMTP id a199-20020a3766d0000000b006a36e947794mr5782903qkc.526.1653314753859;
>         Mon, 23 May 2022 07:05:53 -0700 (PDT)
> X-Received: by 2002:a9d:5c11:0:b0:60a:fa23:6669 with SMTP id
>  o17-20020a9d5c11000000b0060afa236669mr5005063otk.366.1653314753511; Mon, 23
>  May 2022 07:05:53 -0700 (PDT)
> Path: ...!news.mixmin.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
> Newsgroups: alt.computer.workshop
> Date: Mon, 23 May 2022 07:05:53 -0700 (PDT)
> Injection-Info: google-groups.googlegroups.com; posting-host=2603:6080:5501:a86:45c9:7239:7906:e4af;
>  posting-account=Nxyp_AoAAACGtpU0VyRJoCwoVcxIzSbD
> NNTP-Posting-Host: 2603:6080:5501:a86:45c9:7239:7906:e4af
> User-Agent: G2/1.0
> MIME-Version: 1.0
> Message-ID: <d8ad2fa1-7820-4c79-9018-3843a562def8n@googlegroups.com>
> Subject: Clam XAV on my brand new Mac
> Injection-Date: Mon, 23 May 2022 14:05:53 +0000
> Content-Type: text/plain; charset="UTF-8"
> Bytes: 1238
> Lines: 2
>
> =
>
> I can't quite work out the path which was actually taken by this post for it to get to my computer. It's not 'normal'!
>
> Your help would be appreciated. Thanks.
>

I checked on another server, and the path looks perfectly normal.

The poster was communicating from GoogleGroups spammer hole.

Paul

Re: Message header query. Can you help me to understand, please?

<bG6LM.1116763$mPI2.147125@fx15.iad>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=73323&group=alt.comp.os.windows-10#73323

  copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!fx15.iad.POSTED!not-for-mail
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: Message header query. Can you help me to understand, please?
Content-Language: en-GB
Newsgroups: alt.comp.os.windows-10
References: <Q%zKM.162975$uEkc.98935@fx35.iad> <udi71d$5363$1@dont-email.me>
From: BDB...@invalid.invalid.uk (David Brooks)
In-Reply-To: <udi71d$5363$1@dont-email.me>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Lines: 47
Message-ID: <bG6LM.1116763$mPI2.147125@fx15.iad>
X-Complaints-To: abuse@blocknews.net
NNTP-Posting-Date: Sat, 09 Sep 2023 22:51:51 UTC
Organization: blocknews - www.blocknews.net
Date: Sat, 9 Sep 2023 23:51:51 +0100
X-Received-Bytes: 2579
 by: David Brooks - Sat, 9 Sep 2023 22:51 UTC

On 09/09/2023 17:38, Paul wrote:
> On 9/8/2023 3:25 AM, David Brooks wrote:
>> This post refers: http://al.howardknight.net/?ID=169407187300
>>
>> =
>>
>> X-Received: by 2002:a37:66d0:0:b0:6a3:6e94:7794 with SMTP id a199-20020a3766d0000000b006a36e947794mr5782903qkc.526.1653314753859;
>>         Mon, 23 May 2022 07:05:53 -0700 (PDT)
>> X-Received: by 2002:a9d:5c11:0:b0:60a:fa23:6669 with SMTP id
>>  o17-20020a9d5c11000000b0060afa236669mr5005063otk.366.1653314753511; Mon, 23
>>  May 2022 07:05:53 -0700 (PDT)
>> Path: ...!news.mixmin.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
>> Newsgroups: alt.computer.workshop
>> Date: Mon, 23 May 2022 07:05:53 -0700 (PDT)
>> Injection-Info: google-groups.googlegroups.com; posting-host=2603:6080:5501:a86:45c9:7239:7906:e4af;
>>  posting-account=Nxyp_AoAAACGtpU0VyRJoCwoVcxIzSbD
>> NNTP-Posting-Host: 2603:6080:5501:a86:45c9:7239:7906:e4af
>> User-Agent: G2/1.0
>> MIME-Version: 1.0
>> Message-ID: <d8ad2fa1-7820-4c79-9018-3843a562def8n@googlegroups.com>
>> Subject: Clam XAV on my brand new Mac
>> Injection-Date: Mon, 23 May 2022 14:05:53 +0000
>> Content-Type: text/plain; charset="UTF-8"
>> Bytes: 1238
>> Lines: 2
>>
>> =
>>
>> I can't quite work out the path which was actually taken by this post for it to get to my computer. It's not 'normal'!
>>
>> Your help would be appreciated. Thanks.
>>
>
> I checked on another server, and the path looks perfectly normal.

It was most kind of you to check, Paul. Thank you. :-)

> The poster was communicating from GoogleGroups spammer hole.

I'm sure you are well aware that Message Headers can be, and often are,
forged!
https://flylib.com/books/en/2.57.1.182/1/

--
David

Re: Message header query. Can you help me to understand, please?

<udj0um$8lok$1@dont-email.me>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=73324&group=alt.comp.os.windows-10#73324

  copy link   Newsgroups: alt.comp.os.windows-10
Path: i2pn2.org!i2pn.org!eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: nos...@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Message header query. Can you help me to understand, please?
Date: Sat, 9 Sep 2023 20:00:21 -0400
Organization: A noiseless patient Spider
Lines: 53
Message-ID: <udj0um$8lok$1@dont-email.me>
References: <Q%zKM.162975$uEkc.98935@fx35.iad> <udi71d$5363$1@dont-email.me>
<bG6LM.1116763$mPI2.147125@fx15.iad>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Sun, 10 Sep 2023 00:00:22 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="ccfd120ed28e9282ed932eeee8860ad5";
logging-data="284436"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/up2bqAP89pAyW2g/M+BihAxpYAF0bngc="
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
Cancel-Lock: sha1:Oif+pfh7MfAnz3qwzOKDJMOeYeE=
In-Reply-To: <bG6LM.1116763$mPI2.147125@fx15.iad>
Content-Language: en-US
 by: Paul - Sun, 10 Sep 2023 00:00 UTC

On 9/9/2023 6:51 PM, David Brooks wrote:
> On 09/09/2023 17:38, Paul wrote:
>> On 9/8/2023 3:25 AM, David Brooks wrote:
>>> This post refers: http://al.howardknight.net/?ID=169407187300
>>>
>>> =
>>>
>>> X-Received: by 2002:a37:66d0:0:b0:6a3:6e94:7794 with SMTP id a199-20020a3766d0000000b006a36e947794mr5782903qkc.526.1653314753859;
>>>          Mon, 23 May 2022 07:05:53 -0700 (PDT)
>>> X-Received: by 2002:a9d:5c11:0:b0:60a:fa23:6669 with SMTP id
>>>   o17-20020a9d5c11000000b0060afa236669mr5005063otk.366.1653314753511; Mon, 23
>>>   May 2022 07:05:53 -0700 (PDT)
>>> Path: ...!news.mixmin.net!proxad.net!feeder1-2.proxad.net!209.85.160.216.MISMATCH!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
>>> Newsgroups: alt.computer.workshop
>>> Date: Mon, 23 May 2022 07:05:53 -0700 (PDT)
>>> Injection-Info: google-groups.googlegroups.com; posting-host=2603:6080:5501:a86:45c9:7239:7906:e4af;
>>>   posting-account=Nxyp_AoAAACGtpU0VyRJoCwoVcxIzSbD
>>> NNTP-Posting-Host: 2603:6080:5501:a86:45c9:7239:7906:e4af
>>> User-Agent: G2/1.0
>>> MIME-Version: 1.0
>>> Message-ID: <d8ad2fa1-7820-4c79-9018-3843a562def8n@googlegroups.com>
>>> Subject: Clam XAV on my brand new Mac
>>> Injection-Date: Mon, 23 May 2022 14:05:53 +0000
>>> Content-Type: text/plain; charset="UTF-8"
>>> Bytes: 1238
>>> Lines: 2
>>>
>>> =
>>>
>>> I can't quite work out the path which was actually taken by this post for it to get to my computer. It's not 'normal'!
>>>
>>> Your help would be appreciated. Thanks.
>>>
>>
>> I checked on another server, and the path looks perfectly normal.
>
> It was most kind of you to check, Paul. Thank you. :-)
>
>> The poster was communicating from GoogleGroups spammer hole.
>
> I'm sure you are well aware that Message Headers can be, and often are, forged!
> https://flylib.com/books/en/2.57.1.182/1/
>
Why do you think all that drug-spam comes from Google Groups ???

It's the perfect place to post from. Just use a throw-away GMail account.

There's a trick, so that people can't even report you for abuse.

It's the perfect haven.

Paul

1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor