On 12. 3. at 22:34, Yves via Exim-users wrote:

I have no solution for you, but some comments:
> - This email went through very few intermediaries to reach my server (yalis.fr). Apparently, it actually came directly from the sender (a Palestinian ISP).
Received: headers can be faked, removed, etc...
> - There is a DKIM signature done by my own server (d=yalis.fr), which includes the From header, and that header is @yalis.fr.
It can be a DKIM replay, or it can be failing and there only to fool users. You didn't provide the DKIM verification result...

Anyway, your Message-ID is signed; if that message was initiated from your server, you must be able to find it in the logs. And you can change the DKIM key, to be sure...
> Considering the fact that the body is all about how “they” used a zero-day exploit to infiltrate my machine (but with some non-believable elements, such as making a video of me, and I do not have a webcam…), how can I make sure that this is indeed a SPAM, and not a real attack?
I see that type of message often, and often as a flood from some hundreds/thousands of hosts in a short time. I am very successful at filtering them, and I don't worry much about them...
regards
-- Slavko
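The log check suggested in the reply above, as an added example that is not part of the original message or of Exim itself: it looks up a Message-ID in Exim mainlog arrival lines and reports how the message entered the server. It assumes the default mainlog arrival format (`<=` lines with `H=`, `U=`, `P=`, `A=` and `id=` fields); the log lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of Exim mainlog lines (documentation addresses, made-up queue IDs).
SAMPLE_LOG = """\
2024-03-12 20:58:11 1rkA1b-0001Xy-2Z <= yves@example.net U=yves P=local S=812 id=local-0001@example.net
2024-03-12 21:02:40 1rkA5f-0002Ab-7Q <= yves@example.net H=(laptop) [198.51.100.7] P=esmtpsa X=TLS1.3:TLS_AES_256_GCM_SHA384:256 A=plain_server:yves S=1544 id=auth-0002@example.net
2024-03-12 21:02:41 1rkA5f-0002Ab-7Q => friend@example.org R=dnslookup T=remote_smtp H=mx.example.org [203.0.113.5]
2024-03-12 22:31:09 1rkBZx-0003Cd-9K <= yves@example.net H=(unknown) [192.0.2.44] P=esmtp S=2310 id=scam-0003@example.net
2024-03-12 22:31:09 1rkBZx-0003Cd-9K => yves <yves@example.net> R=local_user T=maildir
"""

# Arrival lines look like: "<date> <time> <queue-id> <= <envelope-sender> <fields...>"
ARRIVAL = re.compile(r"^(\S+ \S+) (\S+) <= (\S+) (.*)$")

def fields(rest):
    """Parse KEY=value log fields; the first occurrence wins, so text later
    in the line cannot override an earlier field."""
    out = {}
    for key, value in re.findall(r"(?:^|\s)([A-Za-z]+)=(\S+)", rest):
        out.setdefault(key, value)
    return out

def trace_message_id(log_text, message_id):
    """Return one record per arrival line whose id= matches message_id."""
    wanted = message_id.strip().strip("<>")  # the log stores the id without <>
    hits = []
    for line in log_text.splitlines():
        m = ARRIVAL.match(line)
        if not m:
            continue  # delivery (=>), completion and error lines are skipped
        when, queue_id, sender, rest = m.groups()
        f = fields(rest)
        if f.get("id") != wanted:
            continue
        ip = re.search(r"\[([0-9A-Fa-f.:]+)\]", rest)
        if f.get("P") == "local" or ("U" in f and "H" not in f):
            origin = "local-submission"          # injected on the server itself
        elif "A" in f:
            origin = "authenticated-submission"  # a user logged in over SMTP
        else:
            origin = "unauthenticated-inbound"   # handed over by an outside host
        hits.append({"time": when, "queue_id": queue_id, "sender": sender,
                     "origin": origin, "ip": ip.group(1) if ip else None,
                     "auth": f.get("A")})
    return hits

if __name__ == "__main__":
    for hit in trace_message_id(SAMPLE_LOG, "<scam-0003@example.net>"):
        print(hit)
```

An empty result means no arrival with that Message-ID is recorded in the log text that was searched, so rotated logs need to be included before drawing a conclusion.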