Autor: Gedalya Fecha: A: exim-users Asunto: Re: [exim] Is that SPAM? Or am I compromised?
On 3/13/23 05:34, Yves via Exim-users wrote: >
> I am surprised by a few things:
>
> — This email went through very few intermediaries to reach my server (yalis.fr). Apparently, it actually came directly from the sender (a Palestinian ISP).
Why would that surprise you? They just did exactly that.
> — There is a DKIM signature done by my own server (d=yalis.fr), which includes the From header, and that header is @yalis.fr. As Slavko said, check that the signature is actually valid. If it is, review you exim config and see how they might have been able to get your exim to sign the message. Maybe you have a flaw in your config? > Considering the fact that the body is all about how “they” used a zero-day exploit to infiltrate my machine (but with some non-believable elements, such as making a video of me, and I do not have a webcam…), how can I make sure that this is indeed a SPAM, and not a real attack?
Based on what you have described, the furthest extent of any possible attack is somehow getting your exim to sign incoming messages coming from the wild.
Claiming that they infiltrated your machine is not an attack, it's a very common spam message.