Re: [Exim] Spammer or new virus?

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Marc MERLIN
Dátum:  
Címzett: Steve Drees
CC: exim-users
Tárgy: Re: [Exim] Spammer or new virus?
On Tue, May 28, 2002 at 11:28:08AM -0500, Steve Drees wrote:
> > mainlog:2002-05-27 10:00:43 H=(Witpnr) [212.195.121.225]:1153
> > F=<someemail@???> rejected RCPT <lifi@???>:
> > authentication required
>
> Looks like KLEZ.
>
> The random Hostname is a dead giveaway. As well as the forged from.


Are you saying that
1) Klez forges the envelope From too? (not just header From)
2) Klez will look up the MX for the forged From and attempt to send the
mail through there?

#2 would be stupid, that'd get your mail rejected in most cases

Marc
--
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking


Home page: http://marc.merlins.org/ | Finger marc_f@??? for PGP key