OSEC

(no subject)

Eric.Pfeiferchase.com
Date: Thu Apr 24 2003 - 14:47:05 CDT


All,

I was tooling through one of my in-boxes this morning and noticed an email
with the FROM: ken@rightpathnetworks.com
<email address of the in-box I was in was junk@rightpathnetworks.com.>
so I dug deeper to find that the TO: was listed as
jim@rightpathnetworks.com. My problem is that there aren't any email users
on the system with the local in-boxes of ken or Jim. I looked at the header
information and I can't determine if I should be alarmed or not.
I have run the postfix server against several mail relay checkers and all
of them showed that in fact I was not set up to be one. Can someone tell me
what I'm missing and if I should be worried?

Thanks

Eric Pfeifer

Postfix maillog for this specific email.

Apr 24 08:26:08 brutus postfix/smtpd[4299]: connect from 218-166-103-251.HINET-IP.hinet.net[218.166.103251]
Apr 24 08:26:08 brutus postfix/smtpd[4299]: CF5C51793: client=218-166-103-251.HINET-IP.hinet.net[218.166.103.251]
Apr 24 08:26:10 brutus postfix/cleanup[4300]: CF5C51793: message-id=<MJsllNY30kkZIhTrBoe00000130@mj>
Apr 24 08:26:10 brutus postfix/qmgr[894]: CF5C51793: from=<good@127.0.0.1>, size=1731, nrcpt=1 (queue active)
Apr 24 08:26:10 brutus postfix/local[4302]: CF5C51793: to=<junk@rightpathnetworks.com>, relay=local, delay=2, status=sent (mailbox)
Apr 24 08:26:10 brutus postfix/local[4302]: warning: biff_notify: Connection refused
Apr 24 08:26:10 brutus postfix/smtpd[4299]: disconnect from 218-166-103-251.HINET-IP.hinet.net[218.166.103.251]

header information from suspicious email...

|----------------------+----------------------------------------------|
|From line |From good@127.0.0.1 Thu Apr 24 08:26:10 2003 |
|----------------------+----------------------------------------------|
|Return-Path: |<good@127.0.0.1> |
|----------------------+----------------------------------------------|
|Delivered-To: |junk@rightpathnetworks.com |
|----------------------+----------------------------------------------|
|Received: |from mj (218-166-103-251.HINET-IP.hinet.net |
| |[218.166.103.251]) by |
| |brutus.rightpathnetworks.com (Postfix) with |
| |ESMTP id CF5C51793 for <eric@pfeif.net>; Thu, |
| |24 Apr 2003 08:26:08 -0400 (EDT) |
|----------------------+----------------------------------------------|
|Received: |from zcql.net ([127.0.0.1]) by mj with |
| |Microsoft SMTPSVC(6.0.2600.1); Thu, 24 Apr |
| |2003 21:20:54 +0800 |
|----------------------+----------------------------------------------|
|From: |<ken@rightpathnetworks.com> |
|----------------------+----------------------------------------------|
|To: |<Jim@rightpathnetworks.com> |
|----------------------+----------------------------------------------|
|Subject: |off-road winch |
|----------------------+----------------------------------------------|
|MIME-Version: |1.0 |
|----------------------+----------------------------------------------|
|Content-Type: |multipart/mixed;boundary= " |
| |----=_NextPart_000_004A_CCBF809D.48C8D711" |
|----------------------+----------------------------------------------|
|X-Priority: |3 |
|----------------------+----------------------------------------------|
|X-MSMail-Priority: |Normal |
|----------------------+----------------------------------------------|
|X-Mailer: |Microsoft Outlook Express 5.00.2919.6700 |
|----------------------+----------------------------------------------|
|X-MimeOLE: |Produced By Microsoft MimeOLE V5.00.2919.6700 |
|----------------------+----------------------------------------------|
|Message-ID: |<MJsllNY30kkZIhTrBoe00000130@mj> |
|----------------------+----------------------------------------------|
|X-OriginalArrivalTime:|24 Apr 2003 13:20:54.0949 (UTC) FILETIME |
| |=[55D44D50:01C30A64] |
|----------------------+----------------------------------------------|
|Date: |24 Apr 2003 21:20:54 +0800 |
|----------------------+----------------------------------------------|
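
Added example, not part of the original post: a Python sketch that groups the Postfix log lines quoted above by queue ID and checks whether any recipient was handed to a remote relay rather than delivered locally. The function names and the set of local domains are assumptions made for illustration.

```python
import re

# Log lines copied from the post above, with the mail client's line wraps joined.
MAILLOG = """\
Apr 24 08:26:08 brutus postfix/smtpd[4299]: connect from 218-166-103-251.HINET-IP.hinet.net[218.166.103251]
Apr 24 08:26:08 brutus postfix/smtpd[4299]: CF5C51793: client=218-166-103-251.HINET-IP.hinet.net[218.166.103.251]
Apr 24 08:26:10 brutus postfix/cleanup[4300]: CF5C51793: message-id=<MJsllNY30kkZIhTrBoe00000130@mj>
Apr 24 08:26:10 brutus postfix/qmgr[894]: CF5C51793: from=<good@127.0.0.1>, size=1731, nrcpt=1 (queue active)
Apr 24 08:26:10 brutus postfix/local[4302]: CF5C51793: to=<junk@rightpathnetworks.com>, relay=local, delay=2, status=sent (mailbox)
Apr 24 08:26:10 brutus postfix/local[4302]: warning: biff_notify: Connection refused
Apr 24 08:26:10 brutus postfix/smtpd[4299]: disconnect from 218-166-103-251.HINET-IP.hinet.net[218.166.103.251]
"""

# daemon name, queue ID (upper-case hex), remainder of the line
LINE = re.compile(r"postfix/(\w+)\[\d+\]: ([0-9A-F]+): (.*)$")
# key=value pairs; values are either <bracketed> or run to the next comma/space
FIELD = re.compile(r"(\w[\w-]*)=(<[^>]*>|[^,\s]+)")

def summarize(log):
    """Group Postfix log lines by queue ID and collect the envelope facts."""
    msgs = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # connect/disconnect/warning lines carry no queue ID
        daemon, qid, rest = m.groups()
        msg = msgs.setdefault(qid, {"deliveries": []})
        fields = {k: v.strip("<>") for k, v in FIELD.findall(rest)}
        if daemon == "smtpd":
            msg["client"] = fields.get("client")
        elif daemon == "qmgr" and "from" in fields:
            msg["envelope_from"] = fields["from"]
        elif "to" in fields:  # a delivery agent line (local, smtp, ...)
            msg["deliveries"].append(
                (fields["to"], fields.get("relay"), fields.get("status")))
    return msgs

def relayed_offsite(msg, local_domains):
    """True if any recipient outside local_domains went to a non-local relay."""
    return any(relay != "local"
               and to.rsplit("@", 1)[-1].lower() not in local_domains
               for to, relay, _ in msg["deliveries"])
```

For the queue ID in the post, `summarize` yields one delivery with `relay=local`, and `relayed_offsite` returns `False` when `rightpathnetworks.com` is in the local-domain set.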