John, not sure what the 'may be forged' bit is about.. my guess it's to do with dns relaying or a reply-to + headers that claim to be from somewhere other than the original server...
with regard to your question about how to find out whether an email is incoming or outgoing.... o an incoming email will usually have two entries... one saying from... and the other saying to, sometimes with the ctrladdress (usually the from address).. o every email that passes through your server is given an id.. in this case the id is f9HELnF20704. if you look at the line, it gives you the id betwen the 'sendmail[xxxxx]' and 'from=' hope this helps. Sohail. At 22:26 17/10/2001, you wrote: >Hi I was wondering how to read the maillog... > >I received this log in the maillog. > >Oct 17 10:21:49 ns1 sendmail[20704]: f9HELnF20704: >from=<[EMAIL PROTECTED]>, size=3013, class=0, nrcpts=1, >msgid=<[EMAIL PROTECTED]>, >proto=ESMTP, daemon=MTA, relay=134.22.47.tor-55.151.net [134.22.47.55] >(may be forged) > >What does the "may be forged" mean exactly? Does it flag this email >because the from address does not share the same domain name where the >message came from? > >How do you know if this was an incoming email or an outgoing one? >Could this be spam? > >If anyone can help me with this probably simple question, I would >appreciate it. > >Thanks in advance, > >John Mehan > > > >__________________________________________________ >Do You Yahoo!? >Make a great connection at Yahoo! Personals. >http://personals.yahoo.com >_______________________________________________ >cobalt-security mailing list >[EMAIL PROTECTED] >http://list.cobalt.com/mailman/listinfo/cobalt-security __________________________________________________ Sohail A. Rahim www.lithiumrain.com _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
