(no subject)
From: Peter Kiem (zordah@zordah.net)
Date: Fri Apr 25 2003 - 01:44:03 CDT
Hi Eric,
> jim@rightpathnetworks.com. My problem is that there aren't any email users
> on the system with the local in-boxes of ken or Jim. I looked at the header
> information and I can't determine if I should be alarmed or not.
The from and to addresses inside the email can never be relied upon;
they are easy to fake, and spammers usually do fake these to make them
look legitimate.
Even the from address of the envelope can be faked. The ONLY one you
can rely on is the to address of the envelope. The envelope from and to
addresses are the ones logged by postfix in your maillog.
> Apr 24 08:26:08 brutus postfix/smtpd[4299]: connect from
> 218-166-103-251.HINET-IP.hinet.net[218.166.103251]
IP address 218.166.103.251 sent you the email.
> Apr 24 08:26:10 brutus postfix/qmgr[894]: CF5C51793: from=<good@127.0.0.1>,
> size=1731, nrcpt=1 (queue active)
Envelope from = good@127.0.0.1 (This looks fake so most likely a
spammer).
> Apr 24 08:26:10 brutus postfix/local[4302]: CF5C51793: to
> =<junk@rightpathnetworks.com>, relay=local, delay=2, status=sent (mailbox)
Envelope to = junk@rightpathnetworks.com which is how it got into that
mailbox.
> header information from suspicious email...
> |----------------------+----------------------------------------------|
> |From: |<ken@rightpathnetworks.com> |
> |----------------------+----------------------------------------------|
> |To: |<Jim@rightpathnetworks.com> |
> |----------------------+----------------------------------------------|
Both these are easily faked and would be since you don't have those
users.
--
Regards,
+-----------------------------+---------------------------------+
| Peter Kiem .^. | E-Mail : <zordah@zordah.net> |
| Zordah IT /V\ | Mobile : +61 0414 724 766 |
| IT Consultancy & /( )\ | WWW : www.zordah.net |
| Internet Hosting ^^-^^ | ICQ : "Zordah" 866661 |
+-----------------------------+---------------------------------+
My current spamtrap address is est0403@zordah.net
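
Added example, not part of the original message: a Python script that rebuilds the envelope from maillog lines by queue ID, as the reply does by hand, and compares it with the header From:/To: values. The log lines and headers are constructed from the excerpts quoted above; the `client=` smtpd line is an assumed addition that ties the queue ID to the connecting host.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the log excerpts quoted above. The "client="
# line is the smtpd entry that ties a queue ID to the connecting host.
MAILLOG = """\
Apr 24 08:26:08 brutus postfix/smtpd[4299]: connect from 218-166-103-251.HINET-IP.hinet.net[218.166.103.251]
Apr 24 08:26:08 brutus postfix/smtpd[4299]: CF5C51793: client=218-166-103-251.HINET-IP.hinet.net[218.166.103.251]
Apr 24 08:26:10 brutus postfix/qmgr[894]: CF5C51793: from=<good@127.0.0.1>, size=1731, nrcpt=1 (queue active)
Apr 24 08:26:10 brutus postfix/local[4302]: CF5C51793: to=<junk@rightpathnetworks.com>, relay=local, delay=2, status=sent (mailbox)
"""
# Constructed headers carrying the From:/To: values quoted above.
HEADERS = "From: <ken@rightpathnetworks.com>\nTo: <Jim@rightpathnetworks.com>\n\nbody\n"
LINE = re.compile(r"postfix/\w+\[\d+\]: ([0-9A-F]{6,}): (.*)")

def envelopes(log):
    """Group Postfix log lines by queue ID: client IP, envelope from, envelope to."""
    msgs = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # "connect from" lines carry no queue ID
        qid, rest = m.groups()
        rec = msgs.setdefault(qid, {"client_ip": None, "env_from": None, "env_to": []})
        if c := re.match(r"client=\S*\[([^\]]+)\]", rest):
            rec["client_ip"] = c.group(1)
        elif f := re.match(r"from=<([^>]*)>", rest):
            rec["env_from"] = f.group(1)
        elif t := re.match(r"to=<([^>]*)>", rest):
            rec["env_to"].append(t.group(1))
    return msgs

def findings(rec, raw_headers):
    """Compare what the MTA logged with what the message headers claim."""
    hdr = message_from_string(raw_headers)
    out = []
    env_from = (rec["env_from"] or "").lower()  # empty for bounces (from=<>)
    if re.fullmatch(r"\[?\d+(\.\d+){3}\]?", env_from.rpartition("@")[2]):
        out.append("envelope sender domain is an IP literal")
    if parseaddr(hdr.get("From", ""))[1].lower() != env_from:
        out.append("header From differs from envelope sender")
    if parseaddr(hdr.get("To", ""))[1].lower() not in [a.lower() for a in rec["env_to"]]:
        out.append("header To is not an envelope recipient")
    return out

if __name__ == "__main__":
    for qid, rec in envelopes(MAILLOG).items():
        print(qid, rec, findings(rec, HEADERS))
```

A header To: that is absent from the envelope also occurs with legitimate Bcc and mailing-list mail, so treat these findings as context for the log review rather than a verdict.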