Re: [Exim] Spam relaying problem

Author: Andrew - Supernews
Date:  
To: exim-users
Subject: Re: [Exim] Spam relaying problem
>>>>> "Tim" == Tim Dodge <timmy@???> writes:

Tim> I've also gone through my mail logs and can find nothing
Tim> matching the examples sent to me, for example:


>> Received: from mail.allowanceweb.net (invisibles.org [213.152.46.20])
>> by crelay1.easydns.com (Postfix) with SMTP
>> id 5D03754BA6; Thu, 10 Jul 2003 07:22:39 -0400 (EDT)
>> To: <rooter99@???>
>> Cc: <emmafalla@???>, <fboyd60483@???>, <avadootz@???>,
>> <emnr@???>
>> From: toumer@???
>> Subject: Fwd: Vital Refresh to Your Mortgage Application
>> Date: Thu, 10 Jul 2003 05:20:45 -0800
>> MIME-Version: 1.0


If this were being relayed through you, then I'd expect to see a
Received header showing where you got it from. Plus, it would be using
your HELO and not a faked one. So like you say, this is probably
nothing to do with exim.

Assuming the easydns.com Received header isn't itself a forgery (was
it the only Received header in the sample? i.e. was it a sample taken
directly from easydns's mail system?), then the most likely situation
is that you have an open proxy or a spam-sending trojan on your
network. Try monitoring your outgoing traffic to see what's going on.

--
Andrew, Supernews
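
The Received-header reasoning in the reply above, as an added example that is not part of the original post. It assumes the Postfix-style header layout shown in the sample, that 213.152.46.20 is the reported site's own address, and a hypothetical MTA name mail.example.org.

```python
import re
from email import message_from_string

# The Received header quoted in the post, wrapped in a minimal constructed message.
SAMPLE = (
    "Received: from mail.allowanceweb.net (invisibles.org [213.152.46.20])\n"
    "\tby crelay1.easydns.com (Postfix) with SMTP\n"
    "\tid 5D03754BA6; Thu, 10 Jul 2003 07:22:39 -0400 (EDT)\n"
    "Subject: Fwd: Vital Refresh to Your Mortgage Application\n"
    "\n"
    "body\n"
)

# Postfix-style layout: from <HELO> (<reverse DNS> [<IP>]) by <receiver>
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def parse_hops(raw):
    """Return Received hops, newest first, as dicts (helo, rdns, ip, by)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)  # \s+ also spans folded header lines
        if m:
            hops.append(m.groupdict())
    return hops

def classify(raw, my_ips, my_mta_names):
    """Decide whether a reported sample passed through our MTA."""
    hops = parse_hops(raw)
    if not hops:
        return "no-parsable-received"
    names = {n.lower() for n in my_mta_names}  # my_mta_names: assumed HELO names
    # Our MTA would have stamped its own Received line ("by <our name>").
    if any(h["by"].lower() in names for h in hops):
        return "relayed-through-mta"
    first = hops[0]  # written by the reporting system; only this hop is trusted
    if first["ip"] not in my_ips:
        return "not-from-our-network"
    # Came from our address: our MTA would announce its own name in HELO.
    if first["helo"].lower() in names:
        return "sent-by-mta"
    # Our address, foreign HELO, no Received of ours: the proxy/trojan case.
    return "direct-from-network-bypassing-mta"
```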