(no subject)

Eric.Pfeiferchase.com
Date: Fri Apr 25 2003 - 09:36:09 CDT


Peter,

Thanks for the information... it confirms my suspicions...

is there any way to stop stuff like this in Postfix? Are there any third
party packages I can use that support virtual domains as well?

Eric Pfeifer

Peter Kiem <zordah@zordah.net>
04/25/2003 02:44 AM

To: Eric Pfeifer/JPMCHASE@JPMCHASE
cc: postfix-users@postfix.org
Subject: Re:

Hi Eric,

> jim@rightpathnetworks.com. My problem is that there aren't any email users
> on the system with the local in-boxes of ken or Jim. I looked at the header
> information and I can't determine if I should be alarmed or not.

The from and to addresses inside the email can never be relied upon; they
are easy to fake, and spammers usually do fake them to make the mail look
legitimate.

Even the from address of the envelope can be faked. The ONLY one you
can rely on is the to address of the envelope. The envelope from and to
addresses are the ones logged by postfix in your maillog.

> Apr 24 08:26:08 brutus postfix/smtpd[4299]: connect from
> 218-166-103-251.HINET-IP.hinet.net[218.166.103251]

IP address 218.166.103.251 sent you the email.

> Apr 24 08:26:10 brutus postfix/qmgr[894]: CF5C51793: from=<good@127.0.0.1>,
> size=1731, nrcpt=1 (queue active)

Envelope from = good@127.0.0.1 (This looks fake so most likely a
spammer).

> Apr 24 08:26:10 brutus postfix/local[4302]: CF5C51793: to=<junk@rightpathnetworks.com>,
> relay=local, delay=2, status=sent (mailbox)

Envelope to = junk@rightpathnetworks.com which is how it got into that
mailbox.

> header information from suspicious email...
> From: <ken@rightpathnetworks.com>
> To:   <Jim@rightpathnetworks.com>

Both these are easily faked and would be since you don't have those
users.

--
Regards,
+-----------------------------+---------------------------------+
| Peter Kiem .^. | E-Mail : <zordah@zordah.net> |
| Zordah IT /V\ | Mobile : +61 0414 724 766 |
| IT Consultancy & /( )\ | WWW : www.zordah.net |
| Internet Hosting ^^-^^ | ICQ : "Zordah" 866661 |
+-----------------------------+---------------------------------+
       My current spamtrap address is est0403@zordah.net
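
The point Peter makes above (trust the envelope recipient and the connecting
IP that Postfix logs, not the From/To headers or the envelope sender) can be
turned into a small log-correlation check. The following is an added example,
not code from the thread or from Postfix: it groups maillog lines by queue id
and flags the mismatches discussed. The log sample is constructed after the
quoted lines; the smtpd "client=" line and the local-user set are assumptions.

```python
import re
from collections import defaultdict

# Constructed Postfix maillog sample, modelled on the lines quoted in the thread
# (the 'client=' line is added here so the IP can be tied to the queue id).
SAMPLE_LOG = """\
Apr 24 08:26:08 brutus postfix/smtpd[4299]: connect from 218-166-103-251.HINET-IP.hinet.net[218.166.103.251]
Apr 24 08:26:09 brutus postfix/smtpd[4299]: CF5C51793: client=218-166-103-251.HINET-IP.hinet.net[218.166.103.251]
Apr 24 08:26:10 brutus postfix/qmgr[894]: CF5C51793: from=<good@127.0.0.1>, size=1731, nrcpt=1 (queue active)
Apr 24 08:26:10 brutus postfix/local[4302]: CF5C51793: to=<junk@rightpathnetworks.com>, relay=local, delay=2, status=sent (mailbox)
"""

QID = r"(?P<qid>[0-9A-F]{6,}):"
PATTERNS = {
    "client_ip":     re.compile(QID + r" client=\S+\[(?P<val>[0-9a-fA-F.:]+)\]"),
    "envelope_from": re.compile(QID + r" from=<(?P<val>[^>]*)>"),
    "envelope_to":   re.compile(QID + r" to=<(?P<val>[^>]*)>.*status=(?P<status>\w+)"),
}

def correlate(log_text):
    """Group the envelope facts Postfix logs by queue id. The 'connect from' line
    carries no queue id, so the client IP is read from smtpd's 'client=' line."""
    records = defaultdict(dict)
    for line in log_text.splitlines():
        for field, pat in PATTERNS.items():
            m = pat.search(line)
            if m:
                records[m["qid"]][field] = m["val"]
                if field == "envelope_to":
                    records[m["qid"]]["status"] = m["status"]
    return dict(records)

def assess(record, header_from, header_to, local_domain, local_users):
    """List reasons to distrust a delivered message. Only the envelope recipient
    (and the connecting IP) are trusted; header From/To and the envelope sender
    are chosen by the sender and are compared against what the server knows."""
    findings = []
    sender_host = record.get("envelope_from", "").rpartition("@")[2]
    if sender_host.startswith("127.") or sender_host == "localhost":
        findings.append("envelope sender claims loopback host " + sender_host)
    for name, value in (("From", header_from), ("To", header_to)):
        user, _, domain = value.strip("<>").rpartition("@")
        if domain.lower() == local_domain and user.lower() not in local_users:
            findings.append("header %s names non-existent local user %s" % (name, user))
    env_to = record.get("envelope_to", "")
    if header_to.strip("<>").lower() != env_to.lower():
        findings.append("header To %s differs from envelope recipient %s" % (header_to, env_to))
    return findings
```

Run correlate() over the maillog, then assess() each record against the From/To
headers of the delivered message and the set of real local mailboxes.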