On Thu, 12 Oct 2006, alex wrote:
> just got a bunch of bounced mails that have my ip in the header,
> but I checked my mail logs and don't see any relaying.
> does that mean the header is forged?
I've seen lots of this over the last couple of months. It seems to be
related to malware activity, be
alex wrote:
> does that mean the header is forged?
It is very common to see forged headers in email. My guess is that
yes those headers are forged. In fact even without looking if you
tell me the message is spam I would guess that the headers are
forged.
Bob
I'm on Linux, also did a snoop and didn't see any relaying so I hope not!
On Thu, Oct 12, 2006 at 05:51:39PM -0700, jdow wrote:
> Are you possibly infected and spewing spams?
>
> Note that the received headers can be forged. (There are even some
> clever tricks that are played with routers to rer
Are you possibly infected and spewing spams?
Note that the received headers can be forged. (There are even some
clever tricks that are played with routers to reroute your address
for a spam run then route it back that I have heard of.)
{^_^}
- Original Message -
From: "alex" <[EMAIL PRO
just got a bunch of bounced mails that have my ip in the header,
but I checked my mail logs and don't see any relaying.
does that mean the header is forged?
here is an example, I changed my ip in the example to a.b.c.d
and my domain to "mydomain"
Received: from mx06.east.net ([200.113.154.211])
describe QMAIL_TYPO Hand-forged Received header with typos
header QMAIL_TYPO Received =~ /\.[a-z]{1,4}\s\((?!Qmail)Qm[ail]{3}\)\swith\s/
scoreQMAIL_TYPO 1.00
--
John Hardin KA7OHZICQ#15735746http://www.impsec.org/~jhardin/
[EMAIL PROTECTED]FALaholic #11174pgpk -a [EMAIL PR
On 5/5/05, Ronnie Tartar <[EMAIL PROTECTED]> wrote:
> We run a descent sized datacenter. The problem I have is that someone sent
> out a spam with our abuse email address as the reply to.
>
> I have added an spf record to the dns now to try and reduce the forged
> header
From: "Ronnie Tartar" <[EMAIL PROTECTED]>
> We run a descent sized datacenter. The problem I have is that someone
sent
> out a spam with our abuse email address as the reply to.
>
> I have added an spf record to the dns now to try and reduce the forged
> headers
Ronnie Tartar wrote:
> We run a descent sized datacenter. The problem I have is that someone
> sent out a spam with our abuse email address as the reply to.
>
> I have added an spf record to the dns now to try and reduce the forged
> headers problem. Any other suggestions w
We run a descent sized datacenter. The problem I have is that someone sent
out a spam with our abuse email address as the reply to.
I have added an spf record to the dns now to try and reduce the forged
headers problem. Any other suggestions would be helpful.
Thanks in advance.
10 matches
Mail list logo
