Posted to users@spamassassin.apache.org by alex <al...@zoosmart.us> on 2006/10/13 02:50:19 UTC

forged headers

Just got a bunch of bounced mails that have my IP in the header,
but I checked my mail logs and don't see any relaying.

Does that mean the header is forged?

Here is an example; I changed my IP in the example to a.b.c.d
and my domain to "mydomain".


Received: from mx06.east.net ([200.113.154.211])
          by domino01.asiaalum.com (Lotus Domino Release 6.5.3FP1)
          with ESMTP id 2006101308195296-30610 ;
          Fri, 13 Oct 2006 08:19:52 +0800
Received: from a.b.c.d (HELO mydomain)
     by asiaalum.com with esmtp (R95NB6F382 5Z5Z9Q)
     id 1FXXGH-F8YW8C-9K
     for xxxx@asiaalum.com; Fri, 13 Oct 2006 00:15:49 -0060

Re: forged headers

Posted by alex <al...@zoosmart.us>.
I'm on Linux; I also did a snoop and didn't see any relaying, so I hope not!

On Thu, Oct 12, 2006 at 05:51:39PM -0700, jdow wrote:
> Are you possibly infected and spewing spams?
> 
> Note that the received headers can be forged. (There are even some
> clever tricks that are played with routers to reroute your address
> for a spam run then route it back that I have heard of.)
> 
> {^_^}

Re: forged headers

Posted by jdow <jd...@earthlink.net>.
Are you possibly infected and spewing spams?

Note that the received headers can be forged. (There are even some
clever tricks that are played with routers to reroute your address
for a spam run then route it back that I have heard of.)

{^_^}
----- Original Message ----- 
From: "alex" <al...@zoosmart.us>


> Just got a bunch of bounced mails that have my IP in the header,
> but I checked my mail logs and don't see any relaying.
> 
> Does that mean the header is forged?
> 
> Here is an example; I changed my IP in the example to a.b.c.d
> and my domain to "mydomain".
> 
> 
> Received: from mx06.east.net ([200.113.154.211])
>          by domino01.asiaalum.com (Lotus Domino Release 6.5.3FP1)
>          with ESMTP id 2006101308195296-30610 ;
>          Fri, 13 Oct 2006 08:19:52 +0800
> Received: from a.b.c.d (HELO mydomain)
>     by asiaalum.com with esmtp (R95NB6F382 5Z5Z9Q)
>     id 1FXXGH-F8YW8C-9K
>     for xxxx@asiaalum.com; Fri, 13 Oct 2006 00:15:49 -0060

Re: forged headers

Posted by Tony Finch <do...@dotat.at>.
On Thu, 12 Oct 2006, alex wrote:

> Just got a bunch of bounced mails that have my IP in the header,
> but I checked my mail logs and don't see any relaying.
> Does that mean the header is forged?

I've seen lots of this over the last couple of months. It seems to be
related to malware activity, because it shows up in my virus infection
audit reports.

Tony.
-- 
f.a.n.finch  <do...@dotat.at>  http://dotat.at/
FORTIES CROMARTY FORTH: SOUTHERLY 6 TO GALE 8, DECREASING 5 OR 6 LATER. RAIN
OR SHOWERS. MODERATE OR GOOD.

Re: forged headers

Posted by Bob Proulx <bo...@proulx.com>.
alex wrote:
> Does that mean the header is forged?

It is very common to see forged headers in email.  My guess is that,
yes, those headers are forged.  In fact, even without looking, if you
tell me the message is spam I would guess that the headers are
forged.

Bob
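
As an added example (not code from this thread, from SpamAssassin, or from any of the posters), the following Python script walks the Received: chain of the bounce alex posted and applies the cheap sanity checks a mail admin uses before trusting such a header: is the timezone offset well formed, does each hop's "by" host reappear as the next hop's "from" host, and do the timestamps run forward? It uses the headers exactly as posted (with the poster's placeholders a.b.c.d and "mydomain") plus a constructed, internally consistent chain with made-up example.org/example.net hostnames for contrast. Note that a "by"/"from" mismatch alone is only a weak signal, since many MTAs self-identify with a different name than their peers see; a timezone such as -0060 (60 minutes) in the posted bounce cannot come from a correctly working MTA and is the kind of detail that supports Bob's guess that the header was forged.

```python
"""Sanity checks on a bounced message's Received: chain (added example, not from the thread).

Hops are listed top first, i.e. most recent receiver first. The checks:
  * numeric zone must be +/-HHMM with MM < 60 (a -0060 zone is malformed);
  * the earlier hop's "by" host should appear as the later hop's "from" host;
  * an earlier hop must not carry a timestamp later than the hop above it.
"""
import re
from email.utils import mktime_tz, parsedate_tz
from typing import List, Optional

# Headers exactly as posted in the thread (a.b.c.d / "mydomain" are the poster's placeholders).
POSTED_BOUNCE = """\
Received: from mx06.east.net ([200.113.154.211])
          by domino01.asiaalum.com (Lotus Domino Release 6.5.3FP1)
          with ESMTP id 2006101308195296-30610 ;
          Fri, 13 Oct 2006 08:19:52 +0800
Received: from a.b.c.d (HELO mydomain)
     by asiaalum.com with esmtp (R95NB6F382 5Z5Z9Q)
     id 1FXXGH-F8YW8C-9K
     for xxxx@asiaalum.com; Fri, 13 Oct 2006 00:15:49 -0060
"""

# Constructed, internally consistent chain for comparison (hostnames and ids are made up).
CLEAN_CHAIN = """\
Received: from mx.example.org (mx.example.org [192.0.2.10])
          by inbound.example.net with ESMTP id abc123;
          Fri, 13 Oct 2006 08:19:52 +0800
Received: from client.example.org ([192.0.2.55])
          by mx.example.org with ESMTP id def456;
          Fri, 13 Oct 2006 00:15:49 +0000
"""

ZONE_RE = re.compile(r"([+-])(\d{2})(\d{2})\s*$")


def unfold_received(raw: str) -> List[str]:
    """Join RFC 5322 continuation lines and return the Received: values, top hop first."""
    hops: List[str] = []
    for line in raw.splitlines():
        if line[:1].isspace() and hops:          # folded continuation of the previous header
            hops[-1] += " " + line.strip()
        elif line.lower().startswith("received:"):
            hops.append(line[len("received:"):].strip())
    return hops


def parse_hop(value: str) -> dict:
    """Extract from-host, by-host and the date clause (text after the last ';') of one hop."""
    clauses, _, date = value.rpartition(";")
    m_from = re.search(r"\bfrom\s+(\S+)", clauses)
    m_by = re.search(r"\bby\s+(\S+)", clauses)
    return {"from": m_from.group(1) if m_from else None,
            "by": m_by.group(1) if m_by else None,
            "date": date.strip()}


def zone_offset_valid(date: str) -> bool:
    """True when the trailing numeric zone is +/-HHMM with MM < 60 and a plausible |HH| <= 14."""
    m = ZONE_RE.search(date)
    if not m:
        return False
    hours, minutes = int(m.group(2)), int(m.group(3))
    return minutes < 60 and hours <= 14


def hop_epoch(date: str) -> Optional[int]:
    """Epoch seconds for a hop date, or None when the date or its zone is malformed."""
    if not zone_offset_valid(date):
        return None
    parsed = parsedate_tz(date)
    return mktime_tz(parsed) if parsed else None


def host_matches(claimed_by: str, seen_from: str) -> bool:
    """Loose host comparison: equal, or one is a parent domain of the other."""
    a, b = claimed_by.lower().strip("[]"), seen_from.lower().strip("[]")
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def analyse_chain(raw: str) -> List[str]:
    """Return human-readable anomalies for a Received: chain; an empty list means nothing odd."""
    hops = [parse_hop(h) for h in unfold_received(raw)]
    findings: List[str] = []
    for i, hop in enumerate(hops):
        if not zone_offset_valid(hop["date"]):
            findings.append(f"hop {i}: malformed timezone in date {hop['date']!r}")
    # hops[i] is the later (receiving) hop, hops[i+1] the earlier one it received from.
    for i in range(len(hops) - 1):
        later, earlier = hops[i], hops[i + 1]
        if earlier["by"] and later["from"] and not host_matches(earlier["by"], later["from"]):
            findings.append(f"hop {i + 1}: claims receipt by {earlier['by']!r} "
                            f"but the next hop saw it arrive from {later['from']!r}")
        t_later, t_earlier = hop_epoch(later["date"]), hop_epoch(earlier["date"])
        if t_later is not None and t_earlier is not None and t_earlier > t_later:
            findings.append(f"hop {i + 1}: timestamp is later than the hop that received from it")
    return findings


if __name__ == "__main__":
    for label, chain in (("posted bounce", POSTED_BOUNCE), ("constructed clean chain", CLEAN_CHAIN)):
        print(f"{label}: {analyse_chain(chain) or ['no anomalies']}")
```

Run on the posted bounce this reports two findings: the -0060 zone on the lower hop, and the fact that domino01.asiaalum.com received the message from mx06.east.net rather than from the "asiaalum.com" the lower hop claims wrote it. The constructed clean chain reports nothing. Neither check replaces the step alex already took, which is the decisive one: if the queue id or recipient never appears in your own MTA logs for that time window, the hop naming your address was written by someone else.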