Hey, all...

I just noticed something interesting in my spam filter and was curious if anyone here might know what it's from.

I have several emails that seem to be missing rather important header info... like subjects... and the *body*.

What is the same is:

A seemingly random common name for the username in the email address @mydomain.

MessageID seemingly from my domain.

Seemingly forged Received header containing "from [" and IP address "] by 2004hosting.netIP with HTTP;"

I would normally just let the spam filter delete these but the number of similar messages caught my eye.

Here's the *full* email of one of them:

==================
Return-Path: <[EMAIL PROTECTED]>
Received: from 66.92.91.82 ([218.147.25.242])
        by datasquire.net (8.11.6/8.9.3) with SMTP id hBHBIxm05390
        for <[EMAIL PROTECTED]>; Wed, 17 Dec 2003 06:19:00 -0500
Date: Wed, 17 Dec 2003 06:19:00 -0500
Message-Id: <[EMAIL PROTECTED]>
Received: from [218.147.25.242] by 2004hosting.netIP with HTTP;
        Wed, 17 Dec 2003 16:16:57 +0500
From: "Colin"@datasquire.net
===================

The return path on each one is different and the IP address they originated from is also different... and even on different networks.

Do any of you have any clue what might be sending these out? It kind of sounds like a probe for an open SMTP relay, but the common forged header mistakes and lack of content lead me to believe there is some kind of automation here that is common to each of these machines. A trojan perhaps?

Brian

_______________________________________________
gnhlug-discuss mailing list
[EMAIL PROTECTED]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
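
The traits listed in the message above can be checked mechanically over a spam quarantine. This is an added example, not part of the original post: it parses the quoted headers and reports which of the listed traits are present. The function names `shared_traits` and `domain_of` are assumptions, and the archive-redacted addresses are replaced with constructed placeholders.

```python
import re
from email import message_from_string

# Constructed sample: the headers quoted in the post, with the archive's
# redacted addresses replaced by placeholder values.
SAMPLE = """\
Return-Path: <redacted@example.invalid>
Received: from 66.92.91.82 ([218.147.25.242])
        by datasquire.net (8.11.6/8.9.3) with SMTP id hBHBIxm05390
        for <redacted@datasquire.net>; Wed, 17 Dec 2003 06:19:00 -0500
Date: Wed, 17 Dec 2003 06:19:00 -0500
Message-Id: <placeholder-id@datasquire.net>
Received: from [218.147.25.242] by 2004hosting.netIP with HTTP;
        Wed, 17 Dec 2003 16:16:57 +0500
From: "Colin"@datasquire.net

"""

# "from [ip] by 2004hosting.netIP with HTTP;" as reported in the post.
FORGED_RECEIVED = re.compile(
    r"from \[(\d{1,3}(?:\.\d{1,3}){3})\] by 2004hosting\.netIP with HTTP;")

def domain_of(value):
    """Return the lower-cased text after the last '@', without '>' or spaces."""
    return value.rsplit("@", 1)[-1].strip(" >\t\r\n").lower() if "@" in value else ""

def shared_traits(raw, local_domain):
    """Return the traits from the post that this raw message exhibits."""
    msg = message_from_string(raw)
    traits = []
    if msg["Subject"] is None:
        traits.append("no-subject")
    if not msg.is_multipart() and not msg.get_payload().strip():
        traits.append("empty-body")
    if domain_of(msg.get("From", "")) == local_domain:
        traits.append("from-local-domain")
    if domain_of(msg.get("Message-Id", "")) == local_domain:
        traits.append("message-id-local-domain")
    for received in msg.get_all("Received", []):
        # Unfold the header so the pattern matches across continuation lines.
        if FORGED_RECEIVED.search(" ".join(received.split())):
            traits.append("forged-http-received")
            break
    return traits

if __name__ == "__main__":
    print(shared_traits(SAMPLE, "datasquire.net"))
```

A message that shows all five traits at once is a much stronger match than any single one, since an empty subject or a local-domain sender alone also occurs in legitimate mail.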
