Hi Kevin,

The chances are that this message was bounced off a server that was not 
properly protected to deny relays. I get up to 6 attempts daily to use 
my server for such:

Nov 12 08:56:38 xxxxx postfix/smtpd[16766]: reject: RCPT from 
user24.net023.fl.sprint-hsd.net[207.30.161.24]: 554 
<[EMAIL PROTECTED]>: Recipient address rejected: Relay access 
denied; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
Nov 12 09:31:41 xxxxx postfix/smtpd[16807]: reject: RCPT from 
PPPa23-ResaleBocaRatonB1-1R7024.dialinx.net[4.4.48.84]: 554 
<[EMAIL PROTECTED]>: Recipient address rejected: Relay access 
denied; from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
Nov 12 09:31:46 xxxxxx postfix/smtpd[16807]: reject: RCPT from 
PPPa23-ResaleBocaRatonB1-1R7024.dialinx.net[4.4.48.84]: 554 
<[EMAIL PROTECTED]>: Recipient address rejected: Relay access denied; 
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
Nov 13 02:10:52 xxxxxx postfix/smtpd[17719]: reject: RCPT from 
tral01m01-37.bctel.ca[209.52.196.37]: 554 <[EMAIL PROTECTED]>: 
Recipient address rejected: Relay access denied; 
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
Nov 13 05:32:30 xxxxxx postfix/smtpd[17949]: reject: RCPT from 
03-117.050.popsite.net[64.24.144.117]: 554 <[EMAIL PROTECTED]>: 
Recipient address rejected: Relay access denied; 
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
Nov 13 05:32:35 xxxxxx postfix/smtpd[17949]: reject: RCPT from 
03-117.050.popsite.net[64.24.144.117]: 554 <[EMAIL PROTECTED]>: 
Recipient address rejected: Relay access denied; 
from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>

As you can see, they just keep on trying. Early configs of sendmail did 
not deny relays as a default. Postfix does and makes you explicitly name 
domains that can use you as an SMTP relay.

So in answer to your question, if you do hunt down the other end of the 
transmission by looking in the syslog, chances are you will only be able 
to report them to SPAN, I think it is, who will email them via their ISP 
or such to shut down relay capability.

HTH

Stuart


Kevin Waterson wrote:

>[EMAIL PROTECTED] wrote:
>
>Lotsa spam..................................
>
>Ok, so we know this message did not originate from
>this email address, but how do we tell who sent it?
>
>The headers look a little like this
>
>
>Return-path:
>                     <[EMAIL PROTECTED]>
>            Envelope-to:
>                     [EMAIL PROTECTED]
># this is my email address
>
>              Received:
>                     from [138.25.7.4] (helo=slug.org.au) by
>smtp.oceania.net with esmtp
># This is my email server receiving the message from slug..
>
>                     (Exim 3.22 #18) id 163Tvu-0004Kz-00 for
>[EMAIL PROTECTED]; Tue, 13
># This is my email server (running Exim) delivering to me
>                     Nov 2001 14:08:19 +1100
>              Received:
>                     from slug.progsoc.uts.edu.au (localhost
>[127.0.0.1]) by slug.org.au
>                     (Postfix) with ESMTP id C7FB6A8895; Wed, 14 Nov
>2001 02:02:05
>                     +1100 (EST)
># SLUG box receives the message
>      Delivered-To:
>                     [EMAIL PROTECTED]
># And is delivered to [EMAIL PROTECTED]
>              Received:
>                     from server02
>(adsl-66-73-1-31.dsl.sfldmi.ameritech.net [66.73.1.31])
># Now we see here that it originated from
>adsl-66-73-1-31.dsl.sfldmi.ameritech.net [66.73.1.31])
>
>                     by slug.org.au (Postfix) with SMTP id 23CBCA882C
>for
>                     <[EMAIL PROTECTED]>; Wed, 14 Nov 2001 02:01:35 +1100
>(EST)
># And SLUG received it
>                From:
>                     <[EMAIL PROTECTED]>
># From some Bodgey Address
>               To:
>                     <[EMAIL PROTECTED]>
>            Message-ID:
>                     <124.89808.233237@server02>
>
>
>---------8<-------- snipped for brevity ------8<-------
>
>So, is there a way to find who sent it?
>
>Kind regards
>Kevin
>
>




-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
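
Added example, not part of the original message: a small Python tally of the Postfix "Relay access denied" rejections discussed above, grouped by connecting client IP so repeat relay probes stand out. The sample log is constructed (documentation hosts and addresses), one record is wrapped the way the pasted log lines above are, and the pattern also accepts the `NOQUEUE:` form that later Postfix versions write.

```python
import re
from collections import defaultdict

# Constructed sample in the format shown above; hosts and addresses are
# documentation values, and one record is wrapped as in the pasted log.
SAMPLE_LOG = """\
Nov 12 08:56:38 mx postfix/smtpd[16766]: reject: RCPT from dsl-1.example.net[192.0.2.24]: 554 <a@example.org>: Recipient address rejected: Relay access denied; from=<x@example.com> to=<a@example.org>
Nov 12 09:31:41 mx postfix/smtpd[16807]: reject: RCPT from
ppp-7.example.net[198.51.100.84]: 554 <b@example.org>: Recipient address
rejected: Relay access denied; from=<y@example.com> to=<b@example.org>
Nov 12 09:31:46 mx postfix/smtpd[16807]: reject: RCPT from ppp-7.example.net[198.51.100.84]: 554 <c@example.org>: Recipient address rejected: Relay access denied; from=<y@example.com> to=<c@example.org>
Nov 12 09:40:02 mx postfix/smtpd[16810]: connect from mail.example.org[203.0.113.5]
Nov 13 05:32:30 mx postfix/smtpd[17949]: NOQUEUE: reject: RCPT from unknown[192.0.2.24]: 554 5.7.1 <d@example.org>: Relay access denied; from=<z@example.com> to=<d@example.org> proto=SMTP helo=<server02>
"""

TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")
RELAY_DENIED = re.compile(
    r"^(?P<ts>\S+ +\d+ \S+) \S+ postfix/smtpd\[\d+\]: (?:NOQUEUE: )?reject: RCPT from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: 554 .*?Relay access denied; "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def unwrap(text):
    """Rejoin wrapped records: a line without a syslog timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def relay_attempts(text):
    """Group relay-denied rejections by the client IP that smtpd recorded."""
    by_ip = defaultdict(list)
    for record in unwrap(text):
        m = RELAY_DENIED.match(record)
        if m:
            by_ip[m["ip"]].append(m.groupdict())
    return dict(by_ip)

if __name__ == "__main__":
    for ip, hits in sorted(relay_attempts(SAMPLE_LOG).items(), key=lambda kv: -len(kv[1])):
        hosts = sorted({h["host"] for h in hits})
        print(f"{ip:15} {len(hits)} attempts, first {hits[0]['ts']}, seen as {', '.join(hosts)}")
```

Grouping on the bracketed IP rather than the hostname matters because the reverse-DNS name is whatever the client's network publishes, while the IP is what the server actually saw on the connection.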
