[exim] Is that SPAM? Or am I compromised?

Author: exi.ml
Date:  
To: exim-users
Subject: [exim] Is that SPAM? Or am I compromised?
I just received a SPAM (I hope), but the headers retained my attention;
here they are, in full:

Return-Path: <admin@???>
Delivered-To: yves@???
Received: from seuil3 ([192.168.1.201])
    by sphinx3 with LMTP
    id UARXHdImDmQdcBQAMvrXhg
    (envelope-from <admin@???>)
    for <yves@???>; Sun, 12 Mar 2023 20:24:02 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=yalis.fr;
    s=sphinx2;
    h=Content-Type:Subject:To:MIME-Version:From:Date:Message-ID:Sender
    :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description:
    Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
    In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
    List-Post:List-Owner:List-Archive;
    bh=qXhLPFix7x9RH0AbzUC6Jm3wwLRKaSLaBoZ0e0PYWGg=;
    b=19nO++1psw29bETtkJfSoCaeie
    x1Pa9jycEaMoWNC7ZTP04Fhf/nfNy6GrWKkY2paGp56NkLoyf+wWv54Ld1wB71kSczpBOHjFE5UyY
    UEazDeLVZcp9XS8IuiwUZWI+SFb4KTfAdJSmP1vrl8JPnBqaJPJTkAQhiuoATG4viLog=;
Received: from [93.184.14.24]
    by seuil3 with esmtp (Exim 4.96)
    (envelope-from <admin@???>)
    id 1pbRIJ-002UYg-0j
    for admin@???;
    Sun, 12 Mar 2023 20:24:02 +0100
Message-ID: <640E42D8.7020207@???>
Date: Sun, 12 Mar 2023 22:23:36 +0100
From: <admin@???>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.17) 
Gecko/20110414 Thunderbird/3.1.10
MIME-Version: 1.0
To: <admin@???>
Subject: =?UTF-8?B?SGV5LCB3aGF0J3MgdXA/?=
Content-Type: multipart/alternative;
  boundary="------------080506090407010304040403"


I am surprised by a few things:

— This email went through very few intermediaries to reach my server
(yalis.fr). Apparently, it actually came directly from the sender (a
Palestinian ISP).
— There is a DKIM signature done by my own server (d=yalis.fr), which
includes the From header, and that header is @yalis.fr.

Considering the fact that the body is all about how “they” used a
zero-day exploit to infiltrate my machine (but with some non-believable
elements, such as making a video of me, and I do not have a webcam…),
how can I make sure that this is indeed a SPAM, and not a real attack?

Kind regards

Yves.
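The two observations in the post (few hops, and a DKIM signature from the recipient's own domain) are explained by header order: headers are prepended, so the DKIM-Signature sits above the "Received: from [93.184.14.24] by seuil3" line and was therefore added by seuil3 after the message had already arrived from the outside. The following script is an added example, not part of the post or of Exim; it unfolds a header block, walks the Received chain from the oldest hop upward to find where the message entered from a non-private IP, and reports any DKIM signatures placed above that entry point as pass-through signatures that say nothing about the true origin. The sample headers are constructed from the ones quoted above; the redacted ("???") addresses are filled in with the author's domain yalis.fr, which is an assumption, and the signature values are placeholders.

```python
import ipaddress
import re

LOCAL_DOMAIN = "yalis.fr"  # the recipient's own domain, as named in the post

# Constructed sample modelled on the headers quoted in the post. Redacted
# addresses are filled in with yalis.fr (assumption); bh= and b= are placeholders.
SAMPLE_HEADERS = """\
Return-Path: <admin@yalis.fr>
Delivered-To: yves@yalis.fr
Received: from seuil3 ([192.168.1.201])
    by sphinx3 with LMTP
    id UARXHdImDmQdcBQAMvrXhg
    (envelope-from <admin@yalis.fr>)
    for <yves@yalis.fr>; Sun, 12 Mar 2023 20:24:02 +0100
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=yalis.fr;
    s=sphinx2; h=From:To:Subject; bh=PLACEHOLDER=; b=PLACEHOLDER=;
Received: from [93.184.14.24]
    by seuil3 with esmtp (Exim 4.96)
    (envelope-from <admin@yalis.fr>)
    id 1pbRIJ-002UYg-0j
    for admin@yalis.fr;
    Sun, 12 Mar 2023 20:24:02 +0100
From: <admin@yalis.fr>
To: <admin@yalis.fr>
Subject: constructed sample
"""

IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def unfold_headers(raw):
    """Return [(name, value), ...] in wire order; index 0 is the newest header."""
    headers = []
    for line in raw.splitlines():
        if not line.strip():
            break  # blank line ends the header block
        if line[0] in " \t" and headers:  # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip(), value.strip()))
    return headers


def received_hop(value):
    """Extract (from_host, from_ip, by_host) from one unfolded Received value."""
    m = re.match(r"from\s+(\S+)\s*(\([^)]*\))?\s*by\s+(\S+)", value)
    if not m:
        return None
    from_host, paren, by_host = m.group(1), m.group(2) or "", m.group(3)
    ip = IPV4.search(from_host + " " + paren)
    return (from_host.strip("[]"), ip.group(0) if ip else None, by_host)


def entry_hop(headers):
    """Walk Received headers oldest-first; return (index, hop) of the first hop
    whose sending IP is not private, i.e. where the mail came in from outside."""
    for idx in range(len(headers) - 1, -1, -1):
        name, value = headers[idx]
        if name.lower() != "received":
            continue
        hop = received_hop(value)
        if hop and hop[1] and not ipaddress.ip_address(hop[1]).is_private:
            return idx, hop
    return None, None


def dkim_domain(value):
    m = re.search(r"\bd=([^;\s]+)", value)
    return m.group(1).lower() if m else None


def assess(raw, local_domain=LOCAL_DOMAIN):
    """Summarise origin vs. claimed sender and flag pass-through DKIM signatures."""
    headers = unfold_headers(raw)
    idx, hop = entry_hop(headers)
    from_value = next((v for n, v in headers if n.lower() == "from"), "")
    from_domain = from_value.rsplit("@", 1)[-1].strip("<> ").lower()
    # Signatures *above* the entry hop were applied by our own side after
    # the message had already arrived; they do not authenticate the sender.
    pass_through = [
        dkim_domain(v)
        for i, (n, v) in enumerate(headers)
        if n.lower() == "dkim-signature" and idx is not None and i < idx
    ]
    from_is_local = from_domain == local_domain.lower()
    if hop is not None and from_is_local:
        verdict = (f"suspicious: From claims {local_domain} but the message entered "
                   f"from external IP {hop[1]} at {hop[2]}; the {local_domain} DKIM "
                   f"signature was added after entry and proves nothing about origin")
    elif hop is None:
        verdict = "no external entry hop found (internal or locally generated mail)"
    else:
        verdict = "external origin; From domain is not ours"
    return {
        "entry_ip": hop[1] if hop else None,
        "entry_host": hop[2] if hop else None,
        "from_domain": from_domain,
        "from_is_local": from_is_local,
        "pass_through_signatures": pass_through,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, val in assess(SAMPLE_HEADERS).items():
        print(f"{key}: {val}")
```

The useful defensive check this leads to is alignment rather than signature presence: a message whose From domain is your own but whose entry hop is an outside IP should fail SPF for that IP and, under a DMARC policy for the domain, be rejected or quarantined at the border MTA before any local signing takes place.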