Re: [Exim] Spammer or new virus?

Author: Marc MERLIN
Date:  
To: Steve Drees
CC: exim-users
Subject: Re: [Exim] Spammer or new virus?
On Tue, May 28, 2002 at 11:28:08AM -0500, Steve Drees wrote:
> > mainlog:2002-05-27 10:00:43 H=(Witpnr) [212.195.121.225]:1153
> > F=<someemail@???> rejected RCPT <lifi@???>:
> > authentication required
>
> Looks like KLEZ.
>
> The random Hostname is a dead giveaway. As well as the forged from.


Are you saying that
1) Klez forges the envelope From too? (not just header From)
2) Klez will look up the MX for the forged From and attempt to send the
mail through there?

#2 would be stupid; that'd get your mail rejected in most cases.

Marc
--
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key