Thanks for that reply Bernhard, it makes sense.
Can someone help me interpret the headers shown below?
I'm trying to understand the evolution of this message's
path. Particularly, the line that shows that lmail.kimex.com.mx
received this message from bravo.meso.com. That seems to
imply that bravo.meso.com actually sent it out, doesn't it?
And given that its mail relaying is restricted to all but a couple
trusted hosts, I don't see how that could be.
Thanks,
Kevin
-----------------------------------------------------------------------------------------------------
Return-Path: <[EMAIL PROTECTED]>
Received: from alpha.meso.com (alpha.meso.com [xx.xx.xx.xx])
by zdxxx.com (8.8.7/8.8.7) with ESMTP id HAA26544;
Fri, 10 Nov 2000 07:37:33 -0500
Received: from bravo.meso.com (IDENT:[EMAIL PROTECTED] [xx.xx.xx.yy])
by bravo.meso.com (8.9.3/8.9.3) with ESMTP id HAA22877
for <[EMAIL PROTECTED]>; Fri, 10 Nov 2000 07:43:54 -0500
Received: from lmail.kimex.com.mx (dns.kimex.com.mx [148.223.184.93])
by bravo.meso.com (8.9.3/8.9.3) with ESMTP id HAA27318;
Fri, 10 Nov 2000 07:43:48 -0500
Received: from lmail.kimex.com.mx [208.147.127.27] by lmail.kimex.com.mx
(SMTPD32-6.04 EVAL) id AFCC604006E; Thu, 09 Nov 2000 21:47:24 -0600
Received: from [EMAIL PROTECTED] by [EMAIL PROTECTED] (8.8.5/8.6.5) with SMTP id GAA03990 for
<exeter.ca>; Thu, 09 Nov 2000 19:11:27 -0600 (EST)
To: [EMAIL PROTECTED]
Date: Thu, 09 Nov 00 19:11:27 EST
From: [EMAIL PROTECTED]
Subject: hi
Reply-To: [EMAIL PROTECTED]
Comments: Authenticated sender is <erolson.ca>
Message-Id: <[EMAIL PROTECTED]>
X-Mozilla-Status2: 00000000
-----------------------------------------------------------------------------------------------------------
On Fri, 10 Nov 2000, Bernhard Rosenkraenzer wrote:
> On Fri, 10 Nov 2000, Kevin Tyle wrote:
>
> > Date: Thu, 09 Nov 00 19:11:27 EST
> > From: [EMAIL PROTECTED]
> > Reply-To: [EMAIL PROTECTED]
> > To: [EMAIL PROTECTED]
>
> Anyone can fake mail headers - if I just do something along the lines of
>
> telnet mail.my-isp.com 25
> helo foo.com
> mail from:<[EMAIL PROTECTED]>
> rcpt to:<[EMAIL PROTECTED]>
> rcpt to:<[EMAIL PROTECTED]>
> ...
> data
> From: Some Fake Name <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: foo
>
> Buy my stuff!
> .
> QUIT
>
> the basic headers will look just like tht, even though I didn't use any
> meso.com box to send or relay this.
> Many spammers these days just fake hostnames so complaints go to the wrong
> ISPs. Take a look at the full headers of the messages to check where the
> spam really originates (e.g. press H in pine).
>
> There's nothing you can do to protect yourself from this type of stuff,
> however, since the error messages from invalid addresses (and complaints
> from people who can't figure out the real origin), you have a real chance
> at getting the spammer to pay - I'm not a lawyer, but I'd think this is
> theft of service, fraud, and intentional damaging of your reputation
> (because some people/companies will think you sent the spam).
>
> LLaP
> bero
>
>
>
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
