[Mimedefang] Mail and spam problem

Joseph Brennan brennan at columbia.edu
Thu Jul 22 11:00:14 EDT 2004


It originated at adsl-66-120-254-18.dsl.lsan03.pacbell.net
[66.120.254.18].  That host said 'helo Jillian.org' when it
connected but that means nothing.  In fact that hostname does
not exist.

How can it put your domain in the From: line?  By just doing
it.  Random From: lines are pretty standard in virus mail.

(The other two Received headers look pretty strange to me with
all those nonexistent hostnames-- but maybe they are normal.
I cannot explain those.)

So what about Mimedefang?

Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York





--On Thursday, July 22, 2004 10:32 AM -0400 Vivek Kumar <vivekk at gorave.net> 
wrote:

> Hi all,
>
> Look at the following header information. The user got this mail but it
> was never sent by one internal user (harv) to SAMMY. They also said that
> it contained a virus. Now I think that this mail was generated from
> jillian.org.
> Now what all can I diagnose from this. How the mail is generated from
> outside domain using internal user name etc. ??
> Any help or diagnosis is highly appreciated.
>
> Thanks
>
> Vivek
>
> Received: from localhost.localdomain (191.0.0.1 [191.0.0.1]) by
> virtual02.gorave.net with SMTP (Microsoft Exchange Internet Mail Service
> Version 5.5.2653.13)
>  id 3RNHWNKC; Wed, 21 Jul 2004 14:21:21 -0400
> Received: from advanceserver (advanceserver [127.0.0.1])
>  by localhost.localdomain (8.12.11/8.12.10) with ESMTP id i6LIKiaL012792
>  for <SAMMY at GORAVE.NET <mailto:SAMMY at GORAVE.NET> >; Wed, 21 Jul 2004
> 14:20:44 -0400
> Received: from Jillian.org (adsl-66-120-254-18.dsl.lsan03.pacbell.net
> [66.120.254.18])
>  by gorave.net (VaMailArmor-2.0.2-6) id 12753-5A1C3251;
>  Wed, 21 Jul 2004 14:20:42 -0400
> Date: Wed, 21 Jul 2004 11:30:35 -0800
> To: "SAMMY" <SAMMY at gorave.net <mailto:SAMMY at gorave.net> >
> From: "Harv" <harv at gorave.net <mailto:harv at gorave.net> >
> Subject: Virus Found in message "Re:"
> Message-ID: <bpiijtockayslqmylrk at GORAVE.NET
> <mailto:bpiijtockayslqmylrk at GORAVE.NET> >
> MIME-Version: 1.0
> Content-Type: multipart/mixed;
>         boundary="--------oijkoluwnkhliypsdsda"
> X-AntiVirus: checked by Vexira MailArmor (version: 2.0.2-6; VAE:
> 6.26.0.3; VDF: 6.26.0.38; host: advanceserver)
> X-Spam-Status: No, hits=2.7 required=8.0
>  tests=AWL,BASE64_ENC_TEXT,HTML_20_30,MIME_HTML_ONLY,RCVD_IN_ORBS
>  version=2.55
> X-Spam-Level: **
> X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp)
> X-Scanned-By: MIMEDefang 2.38
>
> ----------oijkoluwnkhliypsdsda
> Content-Type: text/html; charset="us-ascii"
> Content-Transfer-Encoding: base64
>
> ----------oijkoluwnkhliypsdsda--
>
> _______________________________________________
> Visit http://www.mimedefang.org and http://www.canit.ca
> MIMEDefang mailing list
> MIMEDefang at lists.roaringpenguin.com
> http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
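
The header reading described in the reply, as an added Python example that is not part of the original thread: walk the Received headers from the newest down, trust only those written by the recipient's own hosts, and take the peer recorded by the deepest trusted one. The `TRUSTED_BY` set, the `find_origin` name and the re-folded sample input are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed input: the quoted headers, re-folded, with the archive's " at " restored to "@".
SAMPLE = """\
Received: from localhost.localdomain (191.0.0.1 [191.0.0.1]) by
 virtual02.gorave.net with SMTP (Microsoft Exchange Internet Mail Service
 Version 5.5.2653.13) id 3RNHWNKC; Wed, 21 Jul 2004 14:21:21 -0400
Received: from advanceserver (advanceserver [127.0.0.1])
 by localhost.localdomain (8.12.11/8.12.10) with ESMTP id i6LIKiaL012792
 for <SAMMY@GORAVE.NET>; Wed, 21 Jul 2004 14:20:44 -0400
Received: from Jillian.org (adsl-66-120-254-18.dsl.lsan03.pacbell.net
 [66.120.254.18])
 by gorave.net (VaMailArmor-2.0.2-6) id 12753-5A1C3251;
 Wed, 21 Jul 2004 14:20:42 -0400
From: "Harv" <harv@gorave.net>
To: "SAMMY" <SAMMY@gorave.net>
Subject: Virus Found in message "Re:"

"""

# Assumption: the "by" names the recipient's own servers stamp into Received headers.
TRUSTED_BY = {"virtual02.gorave.net", "localhost.localdomain", "gorave.net"}

# "from <HELO name> (<name the receiver recorded> [<peer IP>]) by <receiving host>"
HOP = re.compile(r"from (?P<helo>\S+) \((?P<rdns>\S+) \[(?P<ip>[\d.]+)\]\) by (?P<by>\S+)")

def find_origin(raw, trusted_by=TRUSTED_BY):
    """Return the peer recorded by the deepest Received header our own hosts wrote."""
    msg = message_from_string(raw)
    origin = None
    for value in msg.get_all("Received", []):      # newest hop first
        hop = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not hop or hop["by"].lower() not in trusted_by:
            break  # written upstream of us: the sender controls it, so stop here
        origin = hop.groupdict()
    if origin is None:
        return None
    # The HELO argument is chosen by the client; the bracketed IP is what the server saw.
    origin["helo_mismatch"] = origin["helo"].lower() != origin["rdns"].lower()
    # From: is likewise sender-supplied; report it so it can be compared with the peer.
    origin["from_domain"] = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    return origin

if __name__ == "__main__":
    print(find_origin(SAMPLE))
```

The comparison uses only the name the receiving server wrote into the header; no DNS lookup is made, so the block runs offline.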



