THey buried the REAL destination in the headers, and spoofed the "To" field it looks like.
Tim Hosking wrote: >on 27/12/01 12:39 pm, Sysop at [EMAIL PROTECTED] wrote: > >Look at the TO: field in the header. That address has nothing to do with my >server. I do not host homelenders.com and I have no user called loanrep. I >do not accept mail addressed to non-existent users. > >>How did you expect it NOT to get delivered? Everything looks cool, do >>you not accept email from an unknown user or somethign? You can add >>that persons domain into your bofh file, or just that account, but I >>fail to see how you expect it NOT to get delivered. >> >>Tim Hosking wrote: >> >>>Hi. >>> >>>I just received a spam email from homelenders.com. Here are the headers: >>> >>>Delivered-To: [EMAIL PROTECTED] >>>Return-Path: <[EMAIL PROTECTED]> >>>Received: from smtp1.vol.cz (smtp1.vol.cz [195.250.128.73]) >>> (TLS: TLSv1/SSLv3,168bits,DES-CBC3-SHA) >>> by OldPeculier with esmtp; Wed, 26 Dec 2001 22:32:11 -0500 >>>Received: from smtp2.vol.cz (smtp2.vol.cz [195.250.128.42]) >>> by smtp1.vol.cz (8.11.6/8.11.3) with ESMTP id fBR3cjB89493; >>> Thu, 27 Dec 2001 04:38:45 +0100 (CET) >>> (envelope-from [EMAIL PROTECTED]) >>>Received: from homelenders.com (datelb-1-2-18.dialup.vol.cz [212.20.100.20]) >>> by smtp2.vol.cz (8.11.3/8.11.3) with SMTP id fBR3bkw12060; >>> Thu, 27 Dec 2001 04:37:51 +0100 (CET) >>> (envelope-from [EMAIL PROTECTED]) >>>Date: Thu, 27 Dec 2001 04:37:51 +0100 (CET) >>>Message-Id: <[EMAIL PROTECTED]> >>>Mime-Version: 1.0 >>>Content-Type: text/html; charset=us-ascii >>>Content-Transfer-Encoding: 7bit >>>From: [EMAIL PROTECTED] >>>Reply-To: [EMAIL PROTECTED] >>>To: [EMAIL PROTECTED] >>>Subject: hassle-free home loans >>> >>>And here are the related lines from my maillog (sorry about the wrapping): >>> >>>Dec 26 22:32:09 OldPeculier courieresmtpd: started,ip=[195.250.128.73] >>>Dec 26 22:32:14 OldPeculier courierd: newmsg,id=0000AD58.3C2A963C.00001851 >>>Dec 26 22:32:14 OldPeculier courierd: >>>started,id=0000AD58.3C2A963C.00001851,from=<[EMAIL PROTECTED]>,module= >>>local,host=tim!!20008!20008!/home/tim!!,addr=<tim> >>>Dec 26 22:32:14 OldPeculier courierd: Waiting. shutdown time=none, wakeup >>>time=none, queuedelivering=1, inprogress=1 >>>Dec 26 22:32:14 OldPeculier courierlocal: >>>id=0000AD58.3C2A963C.00001851,from=<[EMAIL PROTECTED]>,addr=<tim@trhos >>>king.com>,size=16516,success: Message delivered. >>>Dec 26 22:32:15 OldPeculier courierd: >>>completed,id=0000AD58.3C2A963C.00001851 >>>Dec 26 22:32:15 OldPeculier courierd: Waiting. shutdown time=Wed Dec 26 >>>23:18:21 2001, wakeup time=Wed Dec 26 23:18:21 2001, queuedelivering=0, >>>inprogress=0 >>> >>>How on earth did this message get accepted and delivered to a local account? >>>I am running courier-0.36.1. >>> >>> >>> >> >> > > _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
