Hi Yah,
This header is from a spam mail that arrived in my email this afternoon,
opened it up to check the header and noticed it had come through one of our
Cobalt Raq3's and had a customers domain as a receipient. The RaQ has Telnet
disabled, it has pop before smtp and there is no smtp servers running or no
relaying allowed.
The servers been checked for old versions of formmail and other similiar
scripts - so how can the spammer manage to still filter stuff through this
server??
Return-Path: <[EMAIL PROTECTED]>
Delivered-To: [EMAIL PROTECTED] (my private address ommitted)
X-Envelope-To: [EMAIL PROTECTED]
Received: (qmail 90355 invoked by alias); 9 Nov 2001 04:32:52 -0000
Received: from unknown (HELO ns.our-raq3.com) (xxx.xxx.xxx.xxx)
by debbie.paradise.net.nz with SMTP; 9 Nov 2001 04:32:52 -0000
Received: from femail19.sdc1.sfba.home.com (femail19.sdc1.sfba.home.com
[24.0.95.128])
by ns.our-raq3.com (8.9.3/8.9.3) with ESMTP id VAA03451
for <[EMAIL PROTECTED]>; Thu, 8 Nov 2001 21:32:46 -0700
From: [EMAIL PROTECTED]
Received: from [24.5.52.138] by femail19.sdc1.sfba.home.com
(InterMail vM.4.01.03.20 201-229-121-120-20010223) with SMTP
id
<20011109043240.YJWP25027.femail19.sdc1.sfba.home.com@[24.5.52.138]>;
Thu, 8 Nov 2001 20:32:40 -0800
Date: Thu, 08 Nov 01 19:49:57 EST
To: [EMAIL PROTECTED]
Subject: AD: Tired Of Foul Language?
Message-ID: <>
Now after checking the customers hosting space and GUI - there are no cgi's
or PHP scripts running, no form to email, no mailing lists, their Telnet is
disabled and they have no relaying - the only thing they do have is two
aliases the catch-all activated and a forward to his ISP mail account which
happens to be an AOL address.
The customer is on a different IP from the ns's IP
Any words or wisdom or guidance would be grateful
Regards
Chae
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security
