...Somebody figured out how to spoof their email so it looked like it was coming from localhost, and thus was able to relay through my server.
log-2003-09-17-02:19:42:Sep 16 20:53:41 [courieresmtp] id=000CA6A2.3F67B08E.00004329,from=<>,addr=<[EMAIL PROTECTED]>: 250 2.0.0 h8H0KUwT008063 Message accepted for delivery
I don't think you understand what you're seeing. Someone on the network can't spoof a TCP session as 127.0.0.1 because any reply to his packets would be sent to the lo interface, and not to the network. You can do some nasty things by sending a machine packets with the source of 127.0.0.1, but establishing a TCP connection isn't one of them.
The messages that you're seeing in your logs are almost certainly bounce messages. [EMAIL PROTECTED], or someone claiming to be them, sent an email to your system which your system accepted. Then, for one reason or another, delivery failed and Courier is sending a DSN back to that address. DSNs always have a null from address. Look further back in the logs and you should see some messages coming from that address.
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
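The log check suggested in the reply above, as an added example that is not part of the original thread: it pairs each null-sender (DSN) entry with earlier entries whose envelope sender is the DSN's recipient. It assumes only the `id=...,from=<...>,addr=<...>` field layout visible in the quoted log line; the function name, sample addresses, message ids and status texts are constructed.

```python
import re

# Field layout taken from the log line quoted in the thread:
#   id=<msgid>,from=<envelope sender>,addr=<recipient>
FIELDS = re.compile(
    r"id=(?P<id>[^,]+),from=<(?P<sender>[^>]*)>,addr=<(?P<rcpt>[^>]*)>"
)

def explain_null_sender(lines):
    """Pair each from=<> (DSN) entry with earlier messages sent by its recipient.

    Returns a list of (dsn_id, bounce_recipient, earlier_message_ids).
    An empty earlier_message_ids list means the scanned log window does not
    reach back far enough to show the message that triggered the bounce.
    """
    seen_from = {}   # lowercased envelope sender -> message ids seen so far
    findings = []
    for line in lines:
        m = FIELDS.search(line)
        if not m:
            continue                      # not a delivery record
        msg_id = m["id"]
        sender = m["sender"].lower()
        rcpt = m["rcpt"].lower()
        if sender == "":
            # Null envelope sender: a DSN generated by the mail system itself.
            findings.append((msg_id, rcpt, list(seen_from.get(rcpt, []))))
        else:
            ids = seen_from.setdefault(sender, [])
            if msg_id not in ids:         # one message can log several lines
                ids.append(msg_id)
    return findings

# Constructed sample log (addresses, ids and status texts are made up).
SAMPLE_LOG = [
    "Sep 16 20:53:30 [courierlocal] id=MSG0001,from=<sender@example.net>,"
    "addr=<nosuchuser@example.org>: 550 User unknown",
    "Sep 16 20:53:41 [courieresmtp] id=DSN0001,from=<>,"
    "addr=<sender@example.net>: 250 2.0.0 Message accepted for delivery",
    "Sep 16 21:10:02 [courieresmtp] id=DSN0002,from=<>,"
    "addr=<other@example.net>: 250 2.0.0 Message accepted for delivery",
]

if __name__ == "__main__":
    for dsn_id, rcpt, earlier in explain_null_sender(SAMPLE_LOG):
        origin = ", ".join(earlier) or "no earlier message in this log window"
        print(f"{dsn_id}: bounce to {rcpt}; triggered by: {origin}")
```

A DSN with no matching earlier message is not evidence of relaying by itself; it usually means the original message was logged in an older, rotated file.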
