Voytek Eymont wrote: > I've just got this spam email, looking at the mail header: > > does that imply there some sort of open relay ? compromised system ? at > dodo ? > > ---------------------- > Received: from relay02.mail-hub.dodo.com.au (relay02.mail-hub.dodo.com.au > [202.136.32.45]) > by koala.sbt.net.au (Postfix) with ESMTP id 2A7E723811A > for <[EMAIL PROTECTED]>; Thu, 5 Oct 2006 11:06:52 +1000 (EST)
The one above looks ok. > Received: from [202.136.32.34] (helo=postoffice01.mail-hub.dodo.com.au) > by relay02.mail-hub.dodo.com.au with esmtp (Exim 4.34) > id 1GUfTb-0005Sx-Hp > for [EMAIL PROTECTED]; Tue, 03 Oct 2006 18:18:08 +1000 That looks ok. > Received: from [87.68.49.228] (helo=87.68.49.228.cable.012.net.il) > by postoffice01.mail-hub.dodo.com.au with smtp (Exim 4.54) > id 1GUfTP-0004Ga-70; Tue, 03 Oct 2006 18:18:07 +1000 That one is a bit suspicious and all the ones below that one were faked. So, postoffice01.mail-hub.dodo.com.au may be an open relay or may have something like pop before send enabled. Erik -- +-----------------------------------------------------------+ Erik de Castro Lopo +-----------------------------------------------------------+ "Perl - The only language that looks the same before and after RSA encryption." -- Keith Bostic -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
