Re: [Exim] Spammer or new virus?

Author: Marc MERLIN
Date:
To: Steve Drees
CC: exim-users
Subject: Re: [Exim] Spammer or new virus?
On Tue, May 28, 2002 at 11:28:08AM -0500, Steve Drees wrote:
> > mainlog:2002-05-27 10:00:43 H=(Witpnr) [212.195.121.225]:1153
> > F=<someemail@???> rejected RCPT <lifi@???>:
> > authentication required
>
> Looks like KLEZ.
>
> The random Hostname is a dead giveaway. As well as the forged from.


Are you saying that
1) Klez forges the envelope From too? (not just header From)
2) Klez will look up the MX for the forged From and attempt to send the
mail through there?

#2 would be stupid; that'd get your mail rejected in most cases.

Marc
--
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key