Mail server emitting advance fee fraud (‘419’) spam thanks to a compromised password.
mail.ip.ncnet.ru. 3600 IN A 220.127.116.11
Received: from mail.ip.ncnet.ru (HELO mail.ip.ncnet.ru) (18.104.22.168)
by x (x) with ESMTP; Wed, 01 Dec 2021 xx:xx:xx +0000
Received: from [22.214.171.124] (account 111 HELO User)
by mail.ip.ncnet.ru (CommuniGate Pro SMTP 5.2.12)
with ESMTPA id x; Wed, 01 Dec 2021 xx:xx:xx +0400
From: Mazin Hussein <firstname.lastname@example.org>
Subject: Can you supply your company Products
Date: Wed, 1 Dec 2021 xx:xx:xx -0800
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
I am contacting you to take part in the ongoing rebuilding of our great
country Iraq, after many years of conflicts by supplying your products here in Iraq.
We are determined to purchase your products in large quantities. A
consideration also is that your quotation must be CIF Port of Umm Qasr.
Get back to me with your products name and prices.