[Mimedefang] Accuracy of infected IP in mdlog
Jerome Tytgat
jerome.tytgat at asterion.fr
Mon May 17 03:14:06 EDT 2004
>
> This was in spam, but the kind that is sent through a hacked
> Windows box. The lower two Received's are fake.
>
> And I've seen this before. There's one that pretends the origin
> is outblaze.com. Have you seen that one?
>
no, but I wonder what is the best :
- telling the last relay is the spammer/infected computer
which is wrong at 95% when there's several relays
- let the mailbox administrator choosing what to trust ?
--
====================================
> Jérôme Tytgat
Administrateur Réseau et Sécurité
ASTERION - Impasse de la Hache
CP 5911 - 44 477 CARQUEFOU CEDEX
T: 02 40 300 800 - F: 02 40 25 10 74
====================================
More information about the MIMEDefang
mailing list