Server accepting mails that are normally refused - hack?

From: Eddy Ilg (eddyfericom.net)
Date: Mon Oct 01 2007 - 16:11:54 CDT


Hi,

Our mailserver is filling its queue with mails that it should not
accept. E.g.:
sender: staton.77128yahoo.com.jp
recipient: jensenchms34.hinet.net

If I try to drop a mail to jensenchms34.hinet.net with a telnet SMTP
session, Postfix refuses to accept it, so the big question is: why does
Postfix accept these mails? Is the sender using a trick to bypass the
address verifications?

Here's the mail contents:
-----------------------------
*** ENVELOPE RECORDS deferred/0/082E98062CC ***
message_size: 1548 213 1
     0
message_arrival_time: Sat Sep 29 14:37:37 2007
create_time: Sat Sep 29 14:37:42 2007
named_attribute: rewrite_context=remote
sender_fullname:
sender: staton.77128yahoo.com.jp
original_recipient: jensenchms34.hinet.net
recipient: jensenchms34.hinet.net
*** MESSAGE CONTENTS deferred/0/082E98062CC ***
Received: by mail.dextermedia.net (Postfix, from userid 1001)
         id 082E98062CC; Sat, 29 Sep 2007 14:37:42 +0200 (CEST)
Received: from EXCHANGE (brmn-4db7427e.pool.einsundeins.de [77.183.66.126])
         by mail.dextermedia.net (Postfix) with ESMTP id 8A8D38062DD
         for <jensenchms34.hinet.net>; Sat, 29 Sep 2007 14:37:37 +0200
(CEST)
Received: from [202.153.31.4] (helo=77.183.66.126)
         by law-fit.dyndns.org with smtp (Exim 4.43)
         id 1IbbZf-0002O0-HX; Sat, 29 Sep 2007 14:37:36 +0200
Received: from 144.92.30.64 by 202.153.31.4; Tue, 02 Oct 2007 13:31:59 +0100
Message-ID: <YHYIVDGMBFEOUNZNHIPBMMms47.hinet.net>
From: "°s)(¦À)(¦×)(ªL" <staton.77128yahoo.com.jp>
To: jeitms26.hinet.net
Subject: ¤k¦P¨Æ¥s§Ú©ç¦o»r·Ó«o¤S¤£
Date: Tue, 02 Oct 2007 07:35:59 -0500
X-Mailer: %WORD_0 %WORD_1 %WORD_2 1312
MIME-Version: 1.0
Content-Type: multipart/alternative;
         boundary="--7872251897102089591"
X-Priority: 3
X-MSMail-Priority: Normal

----7872251897102089591
Content-Type: text/plain;
Content-Transfer-Encoding: quoted-printable

>_<
=A7=D6=A5=CE=A7A=A8=BA=AE=DA=A4p=A4=F5=AE=E3=C2I=BFU=B3o=A2=B2=A6=EC=B7=
=F6=A4k=AA=BA=BC=A4=A4=F5=A7a!

F=A5=A4 ~ =AAB=A4=CD=A9d=A4=A3=A5i=C0=B8=A1A=A4=A8=E2=A6=B8=A8S=C3=F6=ABY=
=A1I

http://google.sina.com.tw/search/ad_task.do?adurl=3Dhttp://idywt.com/wei66=

http://google.sina.com.tw/search/ad_task.do?adurl=3Dhttp://mcnehds.net/wei=
66
http://aol.com/redir.adp?_url=3Dhttp://idywt.com/wei66

*=A9t=A8k=A6h=A4k=C0=E3=BE=C7=B0|(=A4k=A4l=B1J=AA=D9=BDg)*

----7872251897102089591--

*** HEADER EXTRACTED deferred/0/082E98062CC ***
*** MESSAGE FILE END deferred/0/082E98062CC ***
-----------------------------

Thanks

Eddy
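
One way to triage a queue dump like the one in the post above, as an added example that is not part of the original message: walk the Received headers top-down and separate the hops written by your own server from those the sender could have supplied. The function names, host names and sample dump are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample in the shape of `postcat` output; hosts and addresses are placeholders.
SAMPLE = """\
*** ENVELOPE RECORDS deferred/0/0123456789A ***
sender: sender@example.org
recipient: rcpt@example.net
*** MESSAGE CONTENTS deferred/0/0123456789A ***
Received: by mail.example.com (Postfix, from userid 1001)
\tid 0123456789A; Sat, 29 Sep 2007 14:37:42 +0200 (CEST)
Received: from EXCHANGE (host.pool.example.net [192.0.2.10])
\tby mail.example.com (Postfix) with ESMTP id 0A1B2C3D4E5
\tfor <rcpt@example.net>; Sat, 29 Sep 2007 14:37:37 +0200 (CEST)
Received: from [198.51.100.4] (helo=192.0.2.10)
\tby relay.example.org with smtp (Exim 4.43)
\tid 1AbcDe-000000-XX; Sat, 29 Sep 2007 14:37:36 +0200
Subject: test

body
*** HEADER EXTRACTED deferred/0/0123456789A ***
"""

def message_part(dump):
    """Text between the MESSAGE CONTENTS and HEADER EXTRACTED markers."""
    m = re.search(r"^\*\*\* MESSAGE CONTENTS [^\n]*\n(.*?)^\*\*\* HEADER EXTRACTED",
                  dump, re.S | re.M)
    return m.group(1) if m else ""

def classify_hops(dump, our_host):
    """Walk Received headers top-down; only the leading run written by our_host is trusted."""
    hops, trusted = [], True
    for raw in message_from_string(message_part(dump)).get_all("Received", []):
        line = " ".join(raw.split())                      # unfold continuation lines
        by = re.search(r"\bby (\S+)", line)
        trusted = trusted and bool(by) and by.group(1).lower() == our_host.lower()
        uid = re.search(r"\(Postfix, from userid (\d+)\)", line)
        client = re.match(r"from (\S+) \((\S+) \[([^\]]+)\]\)", line)
        if not trusted:
            kind, detail = "sender-supplied", None        # anything below our headers can be forged
        elif uid:
            kind, detail = "local-submission", int(uid.group(1))   # sendmail/postdrop, not smtpd
        elif client:
            kind, detail = "smtp-accept", client.group(3)          # client IP our smtpd recorded
        else:
            kind, detail = "unknown", None
        hops.append((kind, detail))
    return hops

if __name__ == "__main__":
    for kind, detail in classify_hops(SAMPLE, "mail.example.com"):
        print(kind, detail)
```

For an `smtp-accept` hop, the smtpd log entries for that queue ID are the place to check how the client was admitted.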