Thanks Scott
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of R. Scott Perry Sent: Monday, October 11, 2004 3:45 PM To: [EMAIL PROTECTED] Subject: Re: [Declude.JunkMail] Looks spoofed >Can some one take a look at this to see if I can prove that this did not >come from us. Unfortunately, it is impossible to prove/disprove this just from the headers. However: >The user is going to reports us to our upstream provider [first, let me say: don't worry about this threat. If the E-mail didn't come from your server, you have nothing to prove.] >Received: (qmail 1709 invoked by uid 0); 11 Oct 2004 12:24:03 -0000 >Received: (qmail 29399 invoked by uid 1001); 11 Oct 2004 12:23:59 -0000 >Received: from p4210-flets-adsl01osakakita.osaka.ocn.ne.jp >(p4210-flets-adsl01osakakita.osaka.ocn.ne.jp [61.126.139.210]) > by spf7-9.us4.outblaze.com (Postfix) with SMTP id DDFF4CF3FB > for <[EMAIL PROTECTED]>; Mon, 11 Oct 2004 12:22:08 +0000 (GMT) >Received: from baranconsulting.com (mail.baranconsulting.com [162.42.217.34]) > by p4210-flets-adsl01osakakita.osaka.ocn.ne.jp (Postfix) with > ESMTP id 26B85E07F7 > for <[EMAIL PROTECTED]>; Mon, 11 Oct 2004 07:23:05 -0500 The only way that the "baranconsulting.com" header can be trusted is if the one before it can be trusted. In this case, it's an ASDL line in Japan. It is extremely unlikely that they are trustworthy. If the person complaining trusts that mailserver, then you should investigate further -- otherwise, it is pretty safe to assume that the header was forged. In fact, if IMail sent the E-mail, there would be a Received: header that IMail added -- so if this E-mail really did come from your IMail server, it came from another program (such as a trojan or web script). -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
