On 24 Jul 2019, at 12:56, James B. Byrne wrote:
I am sure that the message associated with the header extract
reproduced below is fraudulent. But, I would like to know how this
particular header line was constructed at the source:
Received: from theguardian.com (regtreis.viverindia.com.br
[31.172.134.4])
How did they get 'from theguardian.com' into the Received header
generated by our mx?
The token immediately following the "from" in a Received header
generated by Postfix is the name offered in the EHLO or HELO command
from the SMTP client.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
