On Wed, Dec 04, 2002 at 05:46:57PM -0800, Nick Arnett wrote: > Jeroen (which also allowed it to slip by sendmail's access block). > That message also contained a forged hostname: "notebook.mccmedia.com > ([212.83.87.23])"
Are you sure? My reading of the headers is that it didn't go through your system at all. Jeroen just sent it out to everyone from the old Brin-L list that he had (recipient list suppressed). I guess he BCC'd it. See the headers of the message I received below. It allegedly originated at notebook.mccmedia.com, which is obviously forged, then it went to amsfep15-int.chello.nl, Jeroen's ISP's mailserver. Then it went directly to me. It doesn't look to me like your listserv processed it at all. Also, you can see from the X-Sender and the Message-Id that the real machine that sent it was not notebook.mccmedia.com, but rather pop.brabant.chello.nl, in other words, the POP server of chello.nl that Jeroen connects to from his Eudora mail client. Return-path: <[EMAIL PROTECTED]> Envelope-to: [EMAIL PROTECTED] Delivery-date: Wed, 04 Dec 2002 19:23:06 -0500 Received: from amsfep15-int.chello.nl ([213.46.243.28]) by erikreuter with esmtp (Exim 3.36 #1 (Debian)) id 18JjnF-0008Hg-00 for <[EMAIL PROTECTED]>; Wed, 04 Dec 2002 19:23:06 -0500 Received: from notebook.mccmedia.com ([212.83.87.23]) by amsfep15-int.chello.nl (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP id <[EMAIL PROTECTED]>; Thu, 5 Dec 2002 01:22:32 +0100 Message-Id: <[EMAIL PROTECTED]> X-Sender: [EMAIL PROTECTED] (Unverified) X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Thu, 05 Dec 2002 01:09:03 +0100 To: (Recipient list suppressed) From: "J. van Baardwijk" <[EMAIL PROTECTED]> Subject: Re: Admin: Server access blocked -- "Erik Reuter" <[EMAIL PROTECTED]> http://www.erikreuter.net/ _______________________________________________ http://www.mccmedia.com/mailman/listinfo/brin-l