At 03:24 AM 8/4/2005, Loren Wilton wrote:
Someone reported something very similar to this on the list a month or so ago. It turned out (if I recall correctly) that he had something broken outside SA such that received headers that wrapped to a second line weren't starting with the required spaces on the continuation line. Once this was fixed things worked fine.
I think this is a bit different. I think these are fake headers generated by the spammer that are further down the message. All the "by" clauses have different servers in them, none of which is anything remotely like the poster's domain. In fact, most of them look like DSL nodes.
It would be interesting to see if these by clauses actually match the next hop out, which it might. Regardless, I think these are generated by a spambot. They might be inserting the headers to make the infected user look for an open relay instead of looking for a spambot infection.
