On Mon, 16 Apr 2001, Alex Pennace wrote:
> On Mon, Apr 16, 2001 at 04:00:32PM -0500, mick wrote:
> > hello, sorry for the off topic post.
> > real quick; had a server x.x.x.110 running sendmail.
> > getting complaints of spam originating from that box.
> > removed IP, still getting complaints.
> > turned system off, still getting complaints.
> >
> > Can an IP be spoofed so totally in mail headers?
> > headers:
> > Received: from mailserv01.dartgc.com ([207.34.255.70])
> > by southwind.org (8.9.3/8.9.3) with ESMTP id WAA21910
> > for <x>; Sun, 15 Apr 2001 22:10:26 -0700 (PDT)
> > Date: Sun, 15 Apr 2001 22:10:26 -0700 (PDT)
> > From: [EMAIL PROTECTED]
> > Message-Id: <[EMAIL PROTECTED]>
> > Received: from ngqjz.msn.com ([x.x.x.110]) by
> > mailserv01.dartgc.com with SMTP (Microsoft Exchange Internet Mail
> > Service Version 5.5.2653.13)
> > id H5VRZ1Y1; Mon, 16 Apr 2001 01:09:20 -0400
>
> How is anyone supposed to give you a sure answer if you munge/hide
> relevant information?
As an additional note: Looks like every system receiving the spam are
Exchange servers. Is someone exploiting an exchange fault?
*****************************************
Mick Dobra
Systems Administrator
MTCO Communications
1-800-859-6826
*****************************************