On Tue, May 28, 2002 at 11:28:08AM -0500, Steve Drees wrote:
> > mainlog:2002-05-27 10:00:43 H=(Witpnr) [212.195.121.225]:1153
> > F=<someemail@???> rejected RCPT <lifi@???>:
> > authentication required
>
> Looks like KLEZ.
>
> The random Hostname is a dead giveaway. As well as the forged from.
Are you saying that
1) Klez forges the envelope From too? (not just header From)
2) Klez will look up the MX for the forged From and attempt to send the
mail through there?
#2 would be stupid, that'd get your mail rejected in most cases
Marc
--
Microsoft is to operating systems & security ....
.... what McDonalds is to gourmet cooking
Home page:
http://marc.merlins.org/ | Finger marc_f@??? for PGP key
