[Mimedefang] Accuracy of infected IP in mdlog

Jerome Tytgat jerome.tytgat at asterion.fr
Mon May 17 03:14:06 EDT 2004


> 
> This was in spam, but the kind that is sent through a hacked
> Windows box.  The lower two Received's are fake.
> 
> And I've seen this before.  There's one that pretends the origin
> is outblaze.com.  Have you seen that one?
> 

no, but I wonder what is the best :
- telling the last relay is the spammer/infected computer
    which is wrong at 95% when there's several relays
- let the mailbox administrator choosing what to trust ?

-- 
====================================
 > Jérôme Tytgat
Administrateur  Réseau  et  Sécurité
ASTERION     -   Impasse de la Hache
CP 5911   -   44 477 CARQUEFOU CEDEX
T: 02 40 300 800 - F: 02 40 25 10 74
====================================



More information about the MIMEDefang mailing list