People, sorry about the confusion. I took a look at everything again and the spam was not relayed via our Imail server out.
I thought the customer gave me headers of a message that someone else received as if it was sent from him. Now that I got the customer off the phone (breathing into my ear) and looked at the headers again, I can see that it was just an inbound spam message to the customer with one of his own addresses in the From field. Simple impersonation. That's what I told him right away and he insisted that I was wrong. Wasted half a day on this dude.

-----Original Message-----
From: R. Scott Perry [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 09, 2002 4:19 PM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum] Need HELP with rules

>I figured out how they were able to authenticate.

How were they able to authenticate?

>But I still don't know who they are. Somehow they must have picked the
>password for one of the users on the physical host (i.e. our administrators)

Why do you think that?

>This is because the message headers show the physical host name:
>
>Received: from 66.46.145.35 [212.13.72.2] by imail9
>   (SMTPD32-7.12) id A712151400C8; Tue, 08 Oct 2002 15:50:42 -0400
>
>If it were a customer the headers would show the customer domain name
>instead of imail9

So you're guessing from this header that a spammer used the password of one of your administrators? Why not post the log file entries?

Blocking the spammer using rules may be a nice quick fix, but if the spammer really did break into one of your administrator accounts, shouldn't you be more concerned about that?

-Scott
---
Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail.
http://www.declude.com
---
[This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
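
Added example, not part of the original thread: a small triage script that reads the topmost Received header in the form quoted above and separates "inbound mail with a forged local From" from "mail relayed onward", which is the distinction the thread turned on. The domain names, network range, sample message and envelope recipient are assumptions made up for illustration; only the Received header is taken from the thread.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed for illustration: domains and networks this mail server is responsible for.
LOCAL_DOMAINS = {"customer.example"}
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]

# Matches the "from <HELO> [<peer IP>] by <host>" form of the header quoted in the thread.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\[([0-9.]+)\]\s+by\s+(\S+)")

# Constructed sample message; only the Received header comes from the thread.
SAMPLE = (
    "Received: from 66.46.145.35 [212.13.72.2] by imail9\n"
    " (SMTPD32-7.12) id A712151400C8; Tue, 08 Oct 2002 15:50:42 -0400\n"
    "From: user@customer.example\n"
    "To: user@customer.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return parseaddr(addr)[1].rpartition("@")[2].lower()

def classify(raw_message, envelope_rcpt):
    """envelope_rcpt is the RCPT TO value, taken from the SMTP log (not the headers)."""
    msg = message_from_string(raw_message)
    # The topmost Received header is the one our own server added; unfold it first.
    received = " ".join((msg.get("Received") or "").split())
    m = RECEIVED_RE.search(received)
    if not m:
        return {"verdict": "unparsed"}
    helo, peer_ip, by_host = m.groups()
    peer = ipaddress.ip_address(peer_ip)
    external = not any(peer in net for net in LOCAL_NETS)
    from_local = domain_of(msg.get("From", "")) in LOCAL_DOMAINS
    rcpt_local = domain_of(envelope_rcpt) in LOCAL_DOMAINS
    if external and rcpt_local:
        # Delivered to us from outside: a local From here is plain impersonation.
        verdict = "inbound-forged-from" if from_local else "inbound"
    elif external:
        # Outside peer, outside recipient: relayed; the SMTP log shows whether AUTH was used.
        verdict = "relayed-check-smtp-log"
    else:
        verdict = "local-origin"
    # The HELO name is whatever the client claimed; the bracketed IP is what the server saw.
    return {"helo": helo, "peer_ip": peer_ip, "by": by_host,
            "helo_matches_peer": helo == peer_ip, "verdict": verdict}
```

The `by` host only names the server that accepted the connection, so it appears on inbound deliveries as well as relayed mail and says nothing on its own about whose credentials, if any, were used.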
