I think you are misreading it.  The only references to
[EMAIL PROTECTED] indicate that it is the recipient.

    X-Original-To: [EMAIL PROTECTED]
    Delivered-To: [EMAIL PROTECTED]
    Received ... for <[EMAIL PROTECTED]>

The only indications of the sender are:

    Return-Path: <[EMAIL PROTECTED]>
    Reply-To: "Wojciech Doucette" <[EMAIL PROTECTED]>
    From: "Wojciech Doucette" <[EMAIL PROTECTED]>

I don't know about the return path (it depends on which server wrote
it), but the other two are set by the sender and can easily be faked.
However, this is not your admin address, it is something else
entirely.

Bowie

Thomas Lindell wrote:
> I guess I am confused.  It appears to me that it was sent by
> [EMAIL PROTECTED] to [EMAIL PROTECTED]
> 
> Of course, like Stuart pointed out, I could be just misreading it.
> 
> From: Bowie Bailey [mailto:[EMAIL PROTECTED]
> > 
> > In this case, there was no opportunity to fake headers.  Your
> > server received the connection directly from the source.
> > 
> > The IP address is 82.234.174.1.  This is the one thing that is
> > almost impossible to fake.
> > 
> > This address resolves to "pro75-3-82-234-174-1.fbx.proxad.net".
> > This can't be faked without hacking the DNS servers.
> > 
> > The sending server identified itself as "burkeauto.com".  This can
> > be (and frequently is) faked, but it doesn't really matter.
> > 
> > So what you have here is a simple case of a remote server sending
> > you spam.
> > 
> > If there were more received lines below the one indicating receipt
> > by your server, you have to assume that the information could be
> > fake.  This is why the trusted_networks setting in SpamAssassin is
> > so important.  It lets SA determine which headers can be trusted.
> > 
> > Bowie
> > 
> > Thomas Lindell wrote:
> > > Does that mean they just faked the headers?
> > > 
> > > 
> > > I am new to mail administration only been doing it a couple of
> > > months now and I appreciate all the help.
> > > 
> > > Thanks
> > > 
> > > Tom
> > > 
> > > From: Stuart Johnston [mailto:[EMAIL PROTECTED]
> > > > 
> > > > I think you may be misreading the headers.  This mail came
> > > > from pro75-3-82-234-174-1.fbx.proxad.net [82.234.174.1] (a
> > > > French ISP).
> > > > 
> > > > 
> > > > Thomas Lindell wrote:
> > > > > > Gah, just when I thought I had spam problems resolved, now it
> > > > > > appears someone's able to send spam directly from the server
> > > > > 
> > > > > 
> > > > > Return-Path: <[EMAIL PROTECTED]>
> > > > > X-Original-To: [EMAIL PROTECTED]
> > > > > Delivered-To: [EMAIL PROTECTED]
> > > > > > Received: from localhost (localhost.airbornedatalink.com
> > > > > >             [127.0.0.1]) by adlsrv4.airbornedatalink.com
> > > > > >             (Postfix) with ESMTP id 19D3A34004 for
> > > > > >             <[EMAIL PROTECTED]>; Wed, 26 Jul 2006 10:41:52 -0500 (CDT)
> > > > > > X-Virus-Scanned: amavisd-new at adlmail.com
> > > > > > Received: from adlsrv4.airbornedatalink.com ([127.0.0.1])
> > > > > >             by localhost (adlsrv4.airbornedatalink.com
> > > > > >             [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
> > > > > >             id 63sUVcMA5Y1h for <[EMAIL PROTECTED]>; Wed, 26
> > > > > >             Jul 2006 10:41:47 -0500 (CDT)
> > > > > > Received: from burkeauto.com
> > > > > >             (pro75-3-82-234-174-1.fbx.proxad.net
> > > > > >             [82.234.174.1]) by adlsrv4.airbornedatalink.com
> > > > > >             (Postfix) with SMTP id 402AB34001 for <[EMAIL PROTECTED]>; Wed,
> > > > > >             26 Jul 2006 10:41:47 -0500 (CDT)
> > > > > > Message-ID: <[EMAIL PROTECTED]>
> > > > > > Reply-To: "Wojciech Doucette" <[EMAIL PROTECTED]>
> > > > > > From: "Wojciech Doucette" <[EMAIL PROTECTED]>
> > > > > > To: [EMAIL PROTECTED]
> > > > > > Subject: Re: keiyqVjlAGRA
> > > > > > Date: Wed, 26 Jul 2006 08:37:50 -0700
> > > > > > MIME-Version: 1.0
> > > > > > Content-Type: multipart/alternative;
> > > > > >             boundary="----=_NextPart_000_0001_01C6B08E.C7334B30"
> > > > > > X-Priority: 3
> > > > > > X-MSMail-Priority: Normal
> > > > > > X-Mailer: Microsoft Outlook Express 6.00.2800.1106
> > > > > > X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
> > > > > > X-Antivirus: AVG for E-mail 7.1.394 [268.10.4/399
> > > > > 
> > > > > 
> > > > > > Based on this header I believe it's some sort of bounce attack
> > > > > > or local attack.
> > > > > > 
> > > > > > Anyone have any thoughts? I'm at my wits' end.
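The header-reading rule discussed in this thread (trust the Received line your own server wrote, and treat everything beneath the first outside connection as the sender's claim), as an added Python example that is not part of any poster's message and is not SpamAssassin's own code. The `first_untrusted_relay` function, its `trusted_networks` argument (named after the SA setting) and the sample message, including its invented bottom Received line, are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample: the Received chain quoted in the thread ("for" clauses
# dropped) plus one invented bottom line that the sending host could have added.
SAMPLE = """\
Received: from localhost (localhost.airbornedatalink.com [127.0.0.1])
\tby adlsrv4.airbornedatalink.com (Postfix) with ESMTP id 19D3A34004;
\tWed, 26 Jul 2006 10:41:52 -0500 (CDT)
Received: from adlsrv4.airbornedatalink.com ([127.0.0.1])
\tby localhost (adlsrv4.airbornedatalink.com [127.0.0.1])
\t(amavisd-new, port 10024) with ESMTP id 63sUVcMA5Y1h;
\tWed, 26 Jul 2006 10:41:47 -0500 (CDT)
Received: from burkeauto.com (pro75-3-82-234-174-1.fbx.proxad.net [82.234.174.1])
\tby adlsrv4.airbornedatalink.com (Postfix) with SMTP id 402AB34001;
\tWed, 26 Jul 2006 10:41:47 -0500 (CDT)
Received: from mail.example.org (mail.example.org [192.0.2.25])
\tby burkeauto.com with SMTP id CONSTRUCTED1; Wed, 26 Jul 2006 08:37:50 -0700
From: "Constructed Sender" <sender@example.org>
Subject: constructed sample

body
"""

# Postfix-style "from HELO (rdns [ip])"; the rdns part is absent on some hops.
RELAY = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9A-Fa-f:.]+)\]\)")

def first_untrusted_relay(raw, trusted_networks):
    """Return the hop where mail entered from outside trusted_networks."""
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    hops = email.message_from_string(raw).get_all("Received", [])
    for index, value in enumerate(hops):
        m = RELAY.match(value)
        if m is None:
            return None  # unparseable hop: nothing below it can be vouched for
        try:
            ip = ipaddress.ip_address(m.group(3))
        except ValueError:
            return None
        # A trusted client means the next header down was written by that
        # trusted host; an untrusted client means everything below is its claim.
        if not any(ip in net for net in nets):
            return {"helo": m.group(1), "rdns": m.group(2), "ip": str(ip),
                    "unverified_below": len(hops) - index - 1}
    return None

if __name__ == "__main__":
    print(first_untrusted_relay(SAMPLE, ["127.0.0.0/8"]))
```

Listing a network you do not control in the trusted list moves the boundary down to the invented 192.0.2.25 line, so the list should contain only your own relays.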
