Victor,

It seems very clear that the address sending to your corporate mail server pedroliriano [68.161.119.214] is actually a Verizon dial-up.
The reverse DNS of this IP can be found easily at www.samspade.org. It sure is not legitimate.

George Kulman
Partner
Ridge Systems, L.L.C.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Victor Amram, ENEL
Sent: Wednesday, January 22, 2003 7:17 AM
To: '[EMAIL PROTECTED]'
Subject: [IMail Forum] Help interpreting mail header - spam? hijack?

Hello IMail Wizards,

Once again I'm here to mine your expertise. This morning I had 5 emails in my inbox from/to the webmaster of my Imail server, reporting to be tests sent by SQL Mail. This immediately raised my suspicions so I wanted to request your advice. Here's the header from the message:

****************
Received: from enelcrr1.Enelpunto.net (mail1.enel.net [64.251.4.240])
    by bncincmail.bancredito.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2656.59)
    id C66FWX03; Tue, 21 Jan 2003 02:32:58 -0400
Received: from pedroliriano [68.161.119.214] by enelcrr1.Enelpunto.net
    (SMTPD32-7.13) id A9961F400FA; Tue, 21 Jan 2003 02:32:54 -0400
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: =?utf-8?B?TWljcm9zb2Z0IE91dGxvb2sgVGVzdCBNZXNzYWdl?=
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Message-Id: <200301210232117.SM02164@pedroliriano>
X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [c020020c].
X-RBL-Warning: SPAMHEADERS: This E-mail has headers consistent with spam [c020020c].
X-RBL-Warning: WEIGHT10: Weight of 11 reaches or exceeds the limit of 10.
X-Declude-Sender: [EMAIL PROTECTED] [68.161.119.214]
X-Note: This E-mail was scanned by Declude JunkMail (www.declude.com) for spam.
X-Spam-Tests-Failed: BADHEADERS, IPNOTINMX, SPAMHEADERS, WEIGHT10 [11]
Date: Tue, 21 Jan 2003 02:32:58 -0400
*********************

Everything appears legitimate - the enel.net imail server, the bncincmail server (our corporate parent) - up until the FROM. We're in Santo Domingo, Dominican Republic.
The IP address of the from is in Reston, VA, according to dnsstuff.com. My guess is someone's trying to hijack our server, but perhaps I'm way off. Any ideas from the Wizards are appreciated!

BTW, I must apologize for the horribly long and annoying disclaimer our parent company places on the emails I send. Unfortunately, I have no input in that department.

Regards,
Víctor Amram
[EMAIL PROTECTED]

Warning (Outgoing)

This message and any files transmitted with it, contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this message. Please notify the sender immediately by message if you have received this message by mistake and delete this message from your system; the violation to these dispositions would be processed legally. The Company does not assume responsibility for the undue use of this message on the part of its employees or external person. If verification is required please request a printed version.
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
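An added example, not part of the original posts: reading the quoted header programmatically, walking the Received chain from the newest hop down to the last one recorded by a server the recipient operates. The `OUR_DOMAINS` suffixes are an assumption taken from the poster's statement that the enel.net IMail server and bncincmail are legitimate; function names are hypothetical.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Headers copied from the message quoted in the thread (redacted address
# lines and the filter annotations are left out).
RAW = """\
Received: from enelcrr1.Enelpunto.net (mail1.enel.net [64.251.4.240])
\tby bncincmail.bancredito.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2656.59)
\tid C66FWX03; Tue, 21 Jan 2003 02:32:58 -0400
Received: from pedroliriano [68.161.119.214] by enelcrr1.Enelpunto.net
\t(SMTPD32-7.13) id A9961F400FA; Tue, 21 Jan 2003 02:32:54 -0400
Subject: =?utf-8?B?TWljcm9zb2Z0IE91dGxvb2sgVGVzdCBNZXNzYWdl?=
Message-Id: <200301210232117.SM02164@pedroliriano>

"""
OUR_DOMAINS = (".bancredito.com", ".enelpunto.net")  # assumption, see lead-in

HOP = re.compile(r"from\s+(?P<helo>\S+).*?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"
                 r".*?\bby\s+(?P<by>\S+)", re.S)

def received_hops(raw):
    """Hops oldest-first: every MTA prepends its own Received line."""
    values = message_from_string(raw).get_all("Received", [])
    return [m.groupdict() for m in map(HOP.search, reversed(values)) if m]

def submitting_client(raw, our_domains):
    """Walk newest-first while the recording server ("by") is ours.
    The last such hop is the trust boundary: its bracketed IP was logged
    by our own MTA, while the HELO name and every Received line below it
    were supplied by the connecting client and can be forged."""
    boundary = None
    for hop in reversed(received_hops(raw)):
        if not hop["by"].lower().endswith(tuple(our_domains)):
            break
        boundary = hop
    return boundary

def decoded_subject(raw):
    """Decode the RFC 2047 encoded-word in the Subject header."""
    subject = message_from_string(raw)["Subject"]
    return str(make_header(decode_header(subject)))

if __name__ == "__main__":
    hop = submitting_client(RAW, OUR_DOMAINS)
    print("client IP :", hop["ip"])
    print("HELO name :", hop["helo"], "(FQDN)" if "." in hop["helo"] else "(not an FQDN)")
    print("subject   :", decoded_subject(RAW))
```

The IP at the trust boundary is the value to feed into a reverse DNS or WHOIS lookup; the bare HELO name is only a hint about the sending machine.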