Re: spam

Wed, 26 Jul 2006 09:18:39 -0700 

Huh?  The first received header (read from the bottom up):

Received: from burkeauto.com (pro75-3-82-234-174-1.fbx.proxad.net 
[82.234.174.1])
            by adlsrv4.airbornedatalink.com (Postfix) with SMTP id 402AB34001
            for <[EMAIL PROTECTED]>; Wed, 26 Jul 2006 10:41:47 -0500 (CDT)

I suppose you might say that the HELO (burkeauto.com) is faked.

Thomas Lindell wrote:

Does that mean they just faked the headers?


I am new to mail administration only been doing it a couple of months now
and I appreciate all the help.

Thanks

Tom

-----Original Message-----
From: Stuart Johnston [mailto:[EMAIL PROTECTED] Sent: Wednesday, July 26, 2006 11:00 AM 
To: Thomas Lindell
Cc: 'Spamassassin Users List'
Subject: Re: spam

I think you may be misreading the headers.  This mail came from
pro75-3-82-234-174-1.fbx.proxad.net [82.234.174.1] (a French ISP). 


Thomas Lindell wrote:
Gah just when I thought I had spam problems resolved not it appears someones able to send spam directly from the server 


Return-Path: <[EMAIL PROTECTED]>

X-Original-To: [EMAIL PROTECTED]

Delivered-To: [EMAIL PROTECTED]

Received: from localhost (localhost.airbornedatalink.com [127.0.0.1])
by adlsrv4.airbornedatalink.com (Postfix) with ESMTP id 19D3A34004 

            for <[EMAIL PROTECTED]>; Wed, 26 Jul 2006 10:41:52 -0500 (CDT)

X-Virus-Scanned: amavisd-new at adlmail.com

Received: from adlsrv4.airbornedatalink.com ([127.0.0.1])
by localhost (adlsrv4.airbornedatalink.com [127.0.0.1]) (amavisd-new, port 10024) 

            with ESMTP id 63sUVcMA5Y1h for <[EMAIL PROTECTED]>;

            Wed, 26 Jul 2006 10:41:47 -0500 (CDT)
Received: from burkeauto.com (pro75-3-82-234-174-1.fbx.proxad.net [82.234.174.1])
by adlsrv4.airbornedatalink.com (Postfix) with SMTP id 402AB34001 

            for <[EMAIL PROTECTED]>; Wed, 26 Jul 2006 10:41:47 -0500 (CDT)

Message-ID: <[EMAIL PROTECTED]>

Reply-To: "Wojciech Doucette" <[EMAIL PROTECTED]>

From: "Wojciech Doucette" <[EMAIL PROTECTED]>

To: [EMAIL PROTECTED]

Subject: Re: keiyqVjlAGRA

Date: Wed, 26 Jul 2006 08:37:50 -0700

MIME-Version: 1.0

Content-Type: multipart/alternative;

            boundary="----=_NextPart_000_0001_01C6B08E.C7334B30"

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2800.1106

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106

X-Antivirus: AVG for E-mail 7.1.394 [268.10.4/399
Based on this header I believe it's some sort of bounce attack or local attack 


Anyone have any thoughts I'm at my wits end


Tom

Reply via email to