Hi there,
After you've rev-iewed all these documents, we can -easily talk abou-t the following steps:
This very much looks like thread hijacking used by emotet-successor type malware: Quote message from hijacked mailbox, reply to original sender with malware link but from a different sender address.
Somebody that received the original message has/has a malware infection. Kind regards, Peter
smime.p7s
Description: S/MIME Cryptographic Signature
-- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/