On Wed, Dec 04, 2002 at 05:46:57PM -0800, Nick Arnett wrote:

> Jeroen (which also allowed it to slip by sendmail's access block).
> That message also contained a forged hostname: "notebook.mccmedia.com
> ([212.83.87.23])"

Are you sure? My reading of the headers is that it didn't go through
your system at all. Jeroen just sent it out to everyone from the old
Brin-L list that he had (recipient list suppressed). I guess he BCC'd
it.

See the headers of the message I received below. It allegedly originated
at notebook.mccmedia.com, which is obviously forged, then it went to
amsfep15-int.chello.nl, Jeroen's ISP's mailserver. Then it went directly
to me. It doesn't look to me like your listserv processed it at all.

Also, you can see from the X-Sender and the Message-Id that the
real machine that sent it was not notebook.mccmedia.com, but rather
pop.brabant.chello.nl, in other words, the POP server of chello.nl that
Jeroen connects to from his Eudora mail client.


Return-path: <[EMAIL PROTECTED]>
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Wed, 04 Dec 2002 19:23:06 -0500
Received: from amsfep15-int.chello.nl ([213.46.243.28])
        by erikreuter with esmtp (Exim 3.36 #1 (Debian))
        id 18JjnF-0008Hg-00
        for <[EMAIL PROTECTED]>; Wed, 04 Dec 2002 19:23:06 -0500
Received: from notebook.mccmedia.com ([212.83.87.23])
          by amsfep15-int.chello.nl
          (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP
          id <[EMAIL PROTECTED]>;
          Thu, 5 Dec 2002 01:22:32 +0100
Message-Id: <[EMAIL PROTECTED]>
X-Sender: [EMAIL PROTECTED] (Unverified)
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Thu, 05 Dec 2002 01:09:03 +0100
To: (Recipient list suppressed)
From: "J. van Baardwijk" <[EMAIL PROTECTED]>
Subject: Re: Admin: Server access blocked



-- 
"Erik Reuter" <[EMAIL PROTECTED]>       http://www.erikreuter.net/
_______________________________________________
http://www.mccmedia.com/mailman/listinfo/brin-l
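
Added example, not part of the original message: a Python sketch of the header reading described above. It walks the `Received:` chain oldest-first and separates the name the sending client claimed from the servers that actually stamped the message. The function names are hypothetical, and it assumes the list server would stamp under mccmedia.com, the domain in the list footer.

```python
import re
from email import message_from_string

# Received headers as quoted in the message above (addresses redacted by the archive).
RAW = """\
Received: from amsfep15-int.chello.nl ([213.46.243.28])
        by erikreuter with esmtp (Exim 3.36 #1 (Debian))
        id 18JjnF-0008Hg-00
        for <[EMAIL PROTECTED]>; Wed, 04 Dec 2002 19:23:06 -0500
Received: from notebook.mccmedia.com ([212.83.87.23])
          by amsfep15-int.chello.nl
          (InterMail vM.5.01.05.17 201-253-122-126-117-20021021) with ESMTP
          id <[EMAIL PROTECTED]>;
          Thu, 5 Dec 2002 01:22:32 +0100
Subject: Re: Admin: Server access blocked

"""

# "from <name the client announced> ([<IP the receiver saw>]) by <receiver>"
HOP = re.compile(
    r"from\s+(?P<claimed>\S+)\s+\(\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)"
)

def hops(raw):
    """Return hops oldest-first as (claimed name, peer IP, receiving server)."""
    msg = message_from_string(raw)
    out = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            out.append((m["claimed"], m["ip"], m["by"]))
    return out[::-1]  # each MTA prepends, so the last header is the first hop

def handled_by(raw, domain):
    """True only if a server under `domain` stamped the message as receiver.

    The "from" name is supplied by the sending client and proves nothing;
    only the "by" side is written by the server that took delivery.
    """
    return any(by == domain or by.endswith("." + domain)
               for _, _, by in hops(raw))

if __name__ == "__main__":
    for claimed, ip, by in hops(RAW):
        print(f"{by} accepted mail from {ip}, which called itself {claimed}")
    print("stamped by mccmedia.com:", handled_by(RAW, "mccmedia.com"))
```

On these headers mccmedia.com appears only as a client-supplied name, never on the `by` side of a hop.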
