Re: [Exim] Possible Malice on the Internet??

Top Page
Delete this message
Reply to this message
Author: Patrice Fournier
Date:  
To: Odhiambo G. Washington
CC: exim-users
Subject: Re: [Exim] Possible Malice on the Internet??
Quoting "Odhiambo G. Washington" <wash@???>:

> I have one client whom I've given a static IP (62.8.67.146). I am
> receiving a report that this is being used as an open relay. Can any
> of you successfully relay through it?
>
> Spamcop have this:
>
> http://spamcop.net/sc?id=z32887626ze7c799345e0b3a3cb5751c725568648dz
>
> Looking at that critically shows that the headers don't look genuine.
> Maybe I am missing something miniscule while looking at the headers???


It seems they are genuine... The information from the two receive lines
matches. The mail seems to originate from that 62.8.67.146 host... When
this is not true, it generally means there is some kind of proxy that is
abused on that host. I tried to go through your squid proxy and it refused
me, but this was a simple test (and the problem may be an open proxy on
another host which is allowed to use this proxy). You should look at what
proxies are installed on that host and look at their log files at the time
the email was sent...

--
Patrice Fournier
pfournier@???