Jesse Keating writes: > [message/delivery-status (337 bytes)] > Reporting-MTA: dns; mail.j2solutions.net > Arrival-Date: Thu, 11 Jul 2002 07:00:32 -0700 > Received-From-MTA: dns; localhost (localhost [127.0.0.1]) > > Final-Recipient: rfc822; [EMAIL PROTECTED] > Action: failed > Status: 5.0.0 > Diagnostic-Code: unknown; No such domain. > > > Received: from localhost (localhost [127.0.0.1]) > (uid 48) > by mail.j2solutions.net with local; Thu, 11 Jul 2002 07:00:32 -0700 > To: [EMAIL PROTECTED] > Subject: > From: [EMAIL PROTECTED] > Reply-To: > Message-ID: <[EMAIL PROTECTED]> > Date: Thu, 11 Jul 2002 07:00:32 -0700 > > > > > > MESSAGE: sure some people would be interested about whats in here > > > > This conserns me because it looks like the mail is coming from > [EMAIL PROTECTED] (which only I have a password for, and root doesn't > allow remote logins), and the original message doesn't look like > anything that one of my services would send out. > > After further investigation into my log files, I do see some mail go > through as [EMAIL PROTECTED] to [EMAIL PROTECTED] which is a valid > address. This bothers me greatly, and I would like help in finding out > if somehow I was hacked or if there is an unknown exploit to > courier-mta.
The original message was sent by whoever logs in as uid 48. Anybody can put anything they want in the From: header, or use any return address. -- Sam ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek PC Mods, Computing goodies, cases & more http://thinkgeek.com/sf _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
