At 09:19 17-05-2007, Robert Fitzpatrick wrote:
> We have a mail server that got listed on Outblaze, below is their
> evidence. The IP and reverse DNS point to our NAT firewall. Since that
> is the only received header, is there any way for me to track where this
> came from? I checked the mail logs on the only mail server on the network
> (postfix) and found nothing...is this spoofing our IP?
>
> Return-Path: <[EMAIL PROTECTED]>
> Received: from 66-240-121-10.tpa.fdn.com (66-240-121-10.tpa.fdn.com
>         [66.240.121.10])
>         by spf3.us4.outblaze.com (Postfix) with SMTP id 3447B1E2CFE

If that IP address is from your network, then the email came from
it. It's unlikely that the IP address is spoofed.

There are no log entries as the email bypassed your mail server and
was sent directly to Outblaze.

If you log outgoing connections, you may be able to track down from
where the email originated. It may be from a computer infected with malware.

Regards,
-sm
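
The check suggested in the reply above, as an added example that is not part of the original message: scan the NAT firewall's outbound connection log for internal hosts that open TCP port 25 connections to the outside without being the mail server. The iptables-style log lines, the 192.168.1.0/24 LAN, and the mail server address 192.168.1.10 are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in iptables LOG style; other firewalls log differently.
SAMPLE_LOG = """\
May 17 09:01:12 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=203.0.113.25 PROTO=TCP SPT=41022 DPT=25 SYN
May 17 09:01:40 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.7 PROTO=TCP SPT=1093 DPT=25 SYN
May 17 09:01:41 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.88 PROTO=TCP SPT=1094 DPT=25 SYN
May 17 09:01:43 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.9 PROTO=TCP SPT=1095 DPT=25 SYN
May 17 09:02:05 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.33 DST=203.0.113.80 PROTO=TCP SPT=50211 DPT=80 SYN
May 17 09:02:30 fw kernel: IN=eth0 OUT=eth1 SRC=203.0.113.25 DST=192.168.1.10 PROTO=TCP SPT=33012 DPT=25 SYN
May 17 09:03:02 fw kernel: IN=eth1 OUT=eth0 SRC=192.168.1.33 DST=203.0.113.53 PROTO=UDP SPT=5353 DPT=53
"""

INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")  # hypothetical LAN behind the NAT
MAIL_SERVERS = {"192.168.1.10"}  # hypothetical address of the postfix host
SMTP_PORTS = {"25"}


def direct_smtp_senders(log_text, mail_servers=MAIL_SERVERS):
    """Map each internal host that bypassed the mail server to the set of
    external SMTP destinations it contacted."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        # iptables LOG lines are space-separated KEY=VALUE tokens.
        f = dict(t.split("=", 1) for t in line.split() if "=" in t)
        if f.get("PROTO") != "TCP" or f.get("DPT") not in SMTP_PORTS:
            continue
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line
        # Outbound only: LAN source, destination outside the LAN, not the mail server.
        if src in INTERNAL_NET and dst not in INTERNAL_NET and str(src) not in mail_servers:
            hits[str(src)].add(str(dst))
    return dict(hits)


if __name__ == "__main__":
    for host, dsts in sorted(direct_smtp_senders(SAMPLE_LOG).items()):
        print(f"{host}: direct SMTP to {len(dsts)} external hosts: {sorted(dsts)}")
```

A workstation that contacts many distinct external hosts on port 25 in a short period is the one to inspect for malware.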