Can some one take a look at this to see if I can prove that this did not come from us.
Unfortunately, it is impossible to prove/disprove this just from the headers. However:
The user is going to reports us to our upstream provider
[first, let me say: don't worry about this threat. If the E-mail didn't come from your server, you have nothing to prove.]
Received: (qmail 1709 invoked by uid 0); 11 Oct 2004 12:24:03 -0000
Received: (qmail 29399 invoked by uid 1001); 11 Oct 2004 12:23:59 -0000
Received: from p4210-flets-adsl01osakakita.osaka.ocn.ne.jp (p4210-flets-adsl01osakakita.osaka.ocn.ne.jp [61.126.139.210])
by spf7-9.us4.outblaze.com (Postfix) with SMTP id DDFF4CF3FB
for <[EMAIL PROTECTED]>; Mon, 11 Oct 2004 12:22:08 +0000 (GMT)
Received: from baranconsulting.com (mail.baranconsulting.com [162.42.217.34])
by p4210-flets-adsl01osakakita.osaka.ocn.ne.jp (Postfix) with ESMTP id 26B85E07F7
for <[EMAIL PROTECTED]>; Mon, 11 Oct 2004 07:23:05 -0500
The only way that the "baranconsulting.com" header can be trusted is if the one before it can be trusted. In this case, it's an ASDL line in Japan. It is extremely unlikely that they are trustworthy. If the person complaining trusts that mailserver, then you should investigate further -- otherwise, it is pretty safe to assume that the header was forged. In fact, if IMail sent the E-mail, there would be a Received: header that IMail added -- so if this E-mail really did come from your IMail server, it came from another program (such as a trojan or web script).
-Scott
---
Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000.
Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection.
Find out what you've been missing: Ask for a free 30-day evaluation.
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
