>> I will have to look more closely at the headers. At first glance, the
>> initiating host claimed it was localhost(localhost), which I thought was
>> a spoof. I will look at the headers in the morning and may ask some
>> additional questions about interpreting it correctly.
>>
>
> If there was a localhost entry in there, it could have been within the
> remote person's mail system.  Headers are very hard (if not impossible) to
> forge because instead of the computer sending the mail, it's actually
> created by the server receiving the mail.  The extent of headers being
> forged is an open relay being used to initiate the connection.  When the
> server receives the mail, it stamps it with the time and the remote ip
> address that initiated the connection, which makes up the beginning of the
> header (the part closest to the actual message).  Any stamps beyond that
> are created by other mail servers in the line in a similar fashion until it
> gets to the mail server where the user is housed.
>
> I've been known to be wrong before, but I think I might be onto something
> here though...
>
> Brian
>

I think you are right. I mistakenly didn't look through the message in its
entirety -- the email headers were only of the message the spam filter
sent back to me saying they had found a virus. Included as an attachment
was the actual email message that they had received. So the localhost
thing was really the localhost, it was their filter on the mail server. 
Inspecting the original headers shows that it did indeed originate from
us.  Darn.  Got a worm loose somewhere.

Thanks guys.

-- Devlin


> --------------------
> BYU Unix Users Group
> http://uug.byu.edu/
>
> The opinions expressed in this message are the responsibility of their
> author.  They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
> ___________________________________________________________________
> List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
>
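
Added example, not part of the original thread: a Python sketch of the check Devlin describes, reading the oldest Received stamp from the filter's notice and from the original message attached to it. The host names, addresses, dates and the stamp layout the regex expects are constructed assumptions.

```python
import email
import re

# Constructed sample; every host name and address below is made up.
ORIGINAL = "\n".join([
    "Received: from ws12.campus.example (ws12.campus.example [192.0.2.45])",
    "\tby mx.remote.example with SMTP; Tue, 1 Mar 2005 21:14:03 -0700",
    "From: someone@campus.example",
    "Subject: hello",
    "",
    "body",
    "",
])
NOTICE = "\n".join([
    "Received: from localhost (localhost [127.0.0.1])",
    "\tby mx.remote.example with ESMTP; Tue, 1 Mar 2005 21:14:05 -0700",
    "From: filter@remote.example",
    "Subject: virus found in a message you sent",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "Our filter found a virus in the attached message.",
    "--b1",
    "Content-Type: message/rfc822",
    "",
    ORIGINAL + "--b1--",
    "",
])

# Assumes the common "from HELO (rdns [ip])" stamp layout; other MTAs differ.
PEER = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)")

def first_hop(msg):
    """(HELO name, peer IP) from the oldest stamp, the one nearest the body."""
    stamps = msg.get_all("Received") or []
    m = PEER.search(" ".join(stamps[-1].split())) if stamps else None
    return m.groups() if m else None

def trace(raw):
    """First hop of the wrapper and of each attached message/rfc822 part."""
    outer = email.message_from_string(raw)
    inner = [p.get_payload(0) for p in outer.walk()
             if p.get_content_type() == "message/rfc822"]
    return {"wrapper": first_hop(outer),
            "attached": [first_hop(m) for m in inner]}

if __name__ == "__main__":
    print(trace(NOTICE))
```

On this sample the wrapper's first hop is the filter's own localhost hand-off, while the attached message carries the stamp that names the sending workstation.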

