Re: [exim] Is that SPAM? Or am I compromised?

Author: Slavko
Date:  
To: exim-users
Subject: Re: [exim] Is that SPAM? Or am I compromised?
On 12. 3. at 22:34, Yves via Exim-users wrote:

I have no solution for you, but some comments:

> — This email went through very few intermediaries to reach my server
> (yalis.fr). Apparently, it actually came directly from the sender (a
> Palestinian ISP).


Received: headers can be faked, removed, etc...

> — There is a DKIM signature done by my own server (d=yalis.fr), which
> includes the From header, and that header is @yalis.fr.


It can be DKIM replay, or it can be failed, only with the purpose of
fooling users. You didn't provide the DKIM verify result...

Anyway, your Message-ID is signed; if that message was initiated from
your server, you must be able to find it in the logs. And you can change
the DKIM key, to be sure...

> Considering the fact that the body is all about how “they” used a
> zero-day exploit to infiltrate my machine (but with some non-believable
> elements, such as making a video of me, and I do not have a webcam…),
> how can I make sure that this is indeed a SPAM, and not a real attack?


I see that type of message often, and often as a flood from some
hundreds/thousands of hosts in a short time. I am very successful at
filtering them, and I don't worry much about them...

regards

--
Slavko
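
The log check suggested in the reply above, as an added example that is not part of the original message: it looks up a Message-ID in the Exim main log and reports whether the server ever accepted it as a local or authenticated submission, or only saw it arrive from outside. It assumes the default main log line format (arrival lines marked `<=` carrying `id=`); the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify how a given Message-ID entered Exim, from the main log.
# Assumes the default log format, where the arrival line ("<=") carries id=<Message-ID>.

# Constructed sample log (not real data); addresses are from documentation ranges.
sample_log() {
cat <<'EOF'
2024-03-10 09:15:02 1rjA0a-0000Aa-1B <= yves@yalis.fr H=laptop.example [198.51.100.7] P=esmtpsa A=plain_server:yves S=1842 id=genuine-0001@yalis.fr
2024-03-10 09:15:03 1rjA0a-0000Aa-1B => friend@example.org R=dnslookup T=remote_smtp H=mx.example.org [203.0.113.5]
2024-03-12 22:30:01 1rk3Ab-0001Xy-2Q <= yves@yalis.fr H=(host.example) [192.0.2.10] P=esmtp S=3120 id=scam-0002@yalis.fr
2024-03-12 22:30:02 1rk3Ab-0001Xy-2Q => yves <yves@yalis.fr> R=local_user T=maildir
2024-03-12 23:01:44 1rk4Cd-0002Zz-3R <= yves@yalis.fr H=(other.example) [192.0.2.99] P=esmtp S=1850 id=genuine-0001@yalis.fr
EOF
}

# Usage: msgid_origin LOGFILE MESSAGE-ID   (Message-ID without angle brackets)
# Prints one line per arrival: <exim-id> <origin> <peer>
#   authenticated = accepted with SMTP AUTH (A= present)
#   local         = submitted on the host itself (P=local...)
#   remote        = came in unauthenticated from another host
msgid_origin() {
    awk -v want="id=$2" '
        $4 == "<=" {
            hit = 0; auth = 0; proto = ""; peer = "-"
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^T="/) break      # logged subject is sender-controlled text
                if ($i == want)            hit = 1
                else if ($i ~ /^A=/)       auth = 1
                else if ($i ~ /^P=/)       proto = substr($i, 3)
                else if ($i ~ /^\[.*\]$/)  peer = $i
            }
            if (!hit) next
            origin = auth ? "authenticated" : (proto ~ /^local/ ? "local" : "remote")
            print $3, origin, peer
        }' "$1"
}

# Verdict for one Message-ID: did this server ever originate it?
msgid_verdict() {
    out=$(msgid_origin "$1" "$2")
    [ -z "$out" ] && { echo "not-in-log"; return; }
    if echo "$out" | grep -Eq ' (authenticated|local) '; then
        if echo "$out" | grep -q ' remote '; then echo "originated-here-and-seen-again-from-outside"
        else echo "originated-here"; fi
    else echo "only-arrived-from-outside"; fi
}
```

A Message-ID that only ever arrived from outside was not generated by the server; one that was originated locally and later arrives again from an unrelated host matches the replay case mentioned in the reply.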