Re: [Exim] Spammer or new virus?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Marc MERLIN
Date:  
À: Steve Drees
CC: exim-users
Sujet: Re: [Exim] Spammer or new virus?
On Tue, May 28, 2002 at 11:28:08AM -0500, Steve Drees wrote:
> > mainlog:2002-05-27 10:00:43 H=(Witpnr) [212.195.121.225]:1153
> > F=<someemail@???> rejected RCPT <lifi@???>:
> > authentication required
>
> Looks like KLEZ.
>
> The random Hostname is a dead giveaway. As well as the forged from.


Are you saying that
1) Klez forges the envelope From too? (not just header From)
2) Klez will look up the MX for the forged From and attempt to send the
mail through there?

#2 would be stupid, that'd get your mail rejected in most cases

Marc
--
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key