NW7US, Tomas wrote: > Ok, this one is new to me. Can someone guide me as to where my > security is broken, if I get these headers on a message? > >> Return-path: <[EMAIL PROTECTED]> >> X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on >> helios.hfradio.org >> X-Spam-Status: No, score=-0.8 required=1.0 >> tests=BAYES_05,FORGED_RCVD_HELO, TO_CC_NONE autolearn=no >> version=3.1.0 >> Received: from [11.54.168.176] by mail.swbell.net; Fri, 10 Mar >> 2006 08:17:42 >> X-Originating-IP: [60.170.26.144] via HTTP from >> webmail.swbell.net; Fri, 10 Mar 2006 08:17:42 >> Message-ID: <[EMAIL PROTECTED]> >> From: "Aimee Belcher" <[EMAIL PROTECTED]> >> Subject: Two Super Hot Picks, Get In Early! n23ui >> Date: Fri, 10 Mar 2006 00:17:15 -0800 >> X-IMAPbase: 1135281538 18330 >> Status: O >> X-UID: 18330 >> Content-Length: 743 >> X-Antivirus: AVG for E-mail 7.1.375 [268.2.1/277] >> MIME-Version: 1.0 >> Content-Transfer-Encoding: 8bit >> Content-Type: text/plain; charset=us-ascii > > the message has no To: header. If I read this right, my server is not > getting this via HTTP, right? The original was entered into the > stream via HTTP, but then that server sent it out... relaying it to my > server. Or, do I have a security issue via HTTP port??
I think your analysis might be correct. HOWEVER, there is one thing that concerns me.. Where's the Received: header generated by your server?? There doesn't appear to be one! SA is running on helios.hfradio.org, but the only Received: header shows it being delivered to mail.swbell.net. How'd it get from there to helios? I'd suspect the message headers are corrupted, or the message was inserted into your mail system WITHOUT going over SMTP.
