Does that mean they just faked the headers?
I am new to mail administration only been doing it a couple of months now and I appreciate all the help. Thanks Tom -----Original Message----- From: Stuart Johnston [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 26, 2006 11:00 AM To: Thomas Lindell Cc: 'Spamassassin Users List' Subject: Re: spam I think you may be misreading the headers. This mail came from pro75-3-82-234-174-1.fbx.proxad.net [82.234.174.1] (a French ISP). Thomas Lindell wrote: > Gah just when I thought I had spam problems resolved not it appears > someones able to send spam directly from the server > > > > Return-Path: <[EMAIL PROTECTED]> > > X-Original-To: [EMAIL PROTECTED] > > Delivered-To: [EMAIL PROTECTED] > > Received: from localhost (localhost.airbornedatalink.com [127.0.0.1]) > > by adlsrv4.airbornedatalink.com (Postfix) with ESMTP id > 19D3A34004 > > for <[EMAIL PROTECTED]>; Wed, 26 Jul 2006 10:41:52 -0500 (CDT) > > X-Virus-Scanned: amavisd-new at adlmail.com > > Received: from adlsrv4.airbornedatalink.com ([127.0.0.1]) > > by localhost (adlsrv4.airbornedatalink.com [127.0.0.1]) > (amavisd-new, port 10024) > > with ESMTP id 63sUVcMA5Y1h for <[EMAIL PROTECTED]>; > > Wed, 26 Jul 2006 10:41:47 -0500 (CDT) > > Received: from burkeauto.com (pro75-3-82-234-174-1.fbx.proxad.net > [82.234.174.1]) > > by adlsrv4.airbornedatalink.com (Postfix) with SMTP id > 402AB34001 > > for <[EMAIL PROTECTED]>; Wed, 26 Jul 2006 10:41:47 -0500 (CDT) > > Message-ID: <[EMAIL PROTECTED]> > > Reply-To: "Wojciech Doucette" <[EMAIL PROTECTED]> > > From: "Wojciech Doucette" <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Subject: Re: keiyqVjlAGRA > > Date: Wed, 26 Jul 2006 08:37:50 -0700 > > MIME-Version: 1.0 > > Content-Type: multipart/alternative; > > boundary="----=_NextPart_000_0001_01C6B08E.C7334B30" > > X-Priority: 3 > > X-MSMail-Priority: Normal > > X-Mailer: Microsoft Outlook Express 6.00.2800.1106 > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 > > X-Antivirus: AVG for E-mail 7.1.394 [268.10.4/399 > > > > > > Based on this header I believe it's some sort of bounce attack or local > attack > > > > Anyone have any thoughts I'm at my wits end > > > > Tom >
