I just received a SPAM (I hope), but the headers caught my attention;
here they are, in full:

Return-Path: <admin@???>
Delivered-To: yves@???
Received: from seuil3 ([192.168.1.201])
by sphinx3 with LMTP
id UARXHdImDmQdcBQAMvrXhg
(envelope-from <admin@???>)
for <yves@???>; Sun, 12 Mar 2023 20:24:02 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=yalis.fr;
s=sphinx2;
h=Content-Type:Subject:To:MIME-Version:From:Date:Message-ID:Sender
:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=qXhLPFix7x9RH0AbzUC6Jm3wwLRKaSLaBoZ0e0PYWGg=;
b=19nO++1psw29bETtkJfSoCaeie
x1Pa9jycEaMoWNC7ZTP04Fhf/nfNy6GrWKkY2paGp56NkLoyf+wWv54Ld1wB71kSczpBOHjFE5UyY
UEazDeLVZcp9XS8IuiwUZWI+SFb4KTfAdJSmP1vrl8JPnBqaJPJTkAQhiuoATG4viLog=;
Received: from [93.184.14.24]
by seuil3 with esmtp (Exim 4.96)
(envelope-from <admin@???>)
id 1pbRIJ-002UYg-0j
for admin@???;
Sun, 12 Mar 2023 20:24:02 +0100
Message-ID: <640E42D8.7020207@???>
Date: Sun, 12 Mar 2023 22:23:36 +0100
From: <admin@???>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.17)
Gecko/20110414 Thunderbird/3.1.10
MIME-Version: 1.0
To: <admin@???>
Subject: =?UTF-8?B?SGV5LCB3aGF0J3MgdXA/?=
Content-Type: multipart/alternative;
boundary="------------080506090407010304040403"

I am surprised by a few things:
— This email went through very few intermediaries to reach my server
(yalis.fr). Apparently, it actually came directly from the sender (a
Palestinian ISP).
— There is a DKIM signature done by my own server (d=yalis.fr), which
includes the From header, and that header is @yalis.fr.
Considering the fact that the body is all about how “they” used a
zero-day exploit to infiltrate my machine (but with some non-believable
elements, such as making a video of me, and I do not have a webcam…),
how can I make sure that this is indeed a SPAM, and not a real attack?
Kind regards
Yves.
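
Added example (not part of the original post): a short Python check that reads the trace headers in the order they were added, assuming each hop prepends its own headers as usual, to see which hop the DKIM signature follows and how far the Date header is from the first receipt time. The sample message, the host names `relay` and `store`, and the `own_hosts` parameter are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the post's headers; domain, host names, ids
# and signature values are placeholders.
SAMPLE = """\
Received: from relay ([192.168.1.201])
 by store with LMTP id PLACEHOLDER1
 for <user@example.org>; Sun, 12 Mar 2023 20:24:02 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;
 s=sel1; h=Subject:To:From:Date:Message-ID; bh=PLACEHOLDER; b=PLACEHOLDER;
Received: from [93.184.14.24]
 by relay with esmtp (Exim 4.96) id PLACEHOLDER2
 for admin@example.org; Sun, 12 Mar 2023 20:24:02 +0100
Message-ID: <placeholder@example.org>
Date: Sun, 12 Mar 2023 22:23:36 +0100
From: <admin@example.org>
To: <admin@example.org>
Subject: constructed sample

body
"""

def analyse(raw, own_hosts=("relay", "store")):
    """own_hosts: hypothetical names of the recipient's own mail hosts."""
    msg = message_from_string(raw)
    # Keep only trace headers, unfold them, and reverse to get time order.
    trace = [(n.lower(), " ".join(v.split())) for n, v in msg.items()
             if n.lower() in ("received", "dkim-signature")]
    trace.reverse()
    out = {"entry_hop": None, "signing_domain": None,
           "signed_after_own_host_accepted": False, "date_ahead_s": None}
    prev_by = None  # host that recorded the most recent Received line
    for name, value in trace:
        if name == "received":
            hop, stamp = value.rsplit(";", 1)
            by = re.search(r"\bby (\S+)", hop)
            prev_by = by.group(1) if by else None
            if out["entry_hop"] is None:  # oldest hop: where the mail entered
                out["entry_hop"] = hop.split(" by ")[0]
                skew = (parsedate_to_datetime(msg["Date"])
                        - parsedate_to_datetime(stamp.strip()))
                out["date_ahead_s"] = int(skew.total_seconds())
        else:
            tags = dict(t.strip().split("=", 1)
                        for t in value.split(";") if "=" in t)
            out["signing_domain"] = tags.get("d")
            # A signature sitting above an own-host Received line was added
            # after that host accepted the message, not by the sender.
            out["signed_after_own_host_accepted"] = prev_by in own_hosts
    return out
```

On the constructed sample, the signature is reported as added after the local relay accepted the message from the bare IP, and the Date header is almost two hours ahead of the receipt time.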