At 10:27 AM 12/31/01 -0500, R. Scott Perry wrote: >If the alteration took place on your end, you *must* identify what is causing that to happen. If the alteration took place on the other end, you can't take their spam complaint seriously (in that case, I would suggest responding and asking for the complete unaltered headers).<<
This was not just an isolated case. Apparently the source sent out a few dozen before we caught on to it. I have at least that many spamcop.net and other sources. I have not analyzed the messages totally yet. Silly me, I deleted the messages that were in the queue when I shut the gates. So I don't have an original to look at. But the log of the period is full of these probes. The messages look like they were sent from the local server (127.0.0.1) which another reader has indicated is a flaw in the 6.0x version of imail in that it will allow any e-mail to be forwarded with this ip address. How it happened is another question. It has been suggested by two people this may be because there is a formmail.pl file or equivalent on one of the web sites we host. I will search for this as there ARE a couple that we do not control. >>We can't assume that 206.159.55.2 is really the IP address that sent the E-mail.<< Not the original sender. BUT is hit the internet from this IP address and that is how they traced it back and our logs confirm the messages came through us if they did not originate there. >>The other is why someone sent you an E-mail that was missing headers, and whether or not that E-mail really came through your server.<< >From what I have seen so far, NONE of the senders had anything more than what you saw. Orin R. Wells 25321 126th Ave. SE Kent, Washington 98031 (253) 630-5296 <[EMAIL PROTECTED]> Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
