I thought ALL received headers were spoofable, just as easily as FROM and the other "comments" in an email header. Anyone trusting a received header inserted before a "trusted" server's (whatever that is) entry shouldn't.
I'd not worry about it (Unless, of course, it really did come thru your server<g>). Dan Barker -----Original Message----- From: SM [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 01, 2007 3:45 PM To: Justin Kim; users@spamassassin.apache.org Subject: Re: How can I find out which email account tha spammer used? Hello, At 11:41 01-08-2007, Justin Kim wrote: >According to the full header I got. >The original reciever was my company's IP. Does that mean that your company's mail server sent out the spam? >That means the final recipient will see the spam sender as our >company's postfix server. >Is there a good way to track down these kind of spammers? Is it in the >malilog that I have to look at? You have to read your mail log. You didn't provide the email address of the receiver and you obfuscated some information. As such, it's difficult to tell which of the headers are forged. Regards, -sm
