
Mail spoofing etc.



Sorry to bother the list but I seem to have a lot of trouble determining in
which direction this mail is going. For that matter, I have trouble
determining what is going on for a lot of mail, given domain and address
spoofing. (a person always hates to admit that they are a bit lost ;-) On
the surface, to me anyway, it looks like the remote mail system is spoofing
my domain (zuka.net). The following are the headers:
 
Return-Path: <humanedurham@xxxxxxxxxxxxxxx>
Received: from zuka.net
(CPE0000e89b2063-CM013020004996.cpe.net.cable.rogers.com [24.43.155.113])
 
spoofing? This is not the IP of zuka.net

 by rosewood.zuka.net (8.12.11/8.12.11) with ESMTP id i7RM3X6m024503
 for <webmaster@xxxxxxxx>; Fri, 27 Aug 2004 18:03:34 -0400
Message-Id: <200408272203.i7RM3X6m024503@xxxxxxxxxxxxxxxxx>
From: humanedurham@xxxxxxxxxxxxxxx
To: webmaster@xxxxxxxx
Subject: [Possible Spam] [Possible Virus] 
Date: Fri, 27 Aug 2004 18:03:19 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed;
 boundary="----=_NextPart_000_0016----=_NextPart_000_0016"
X-Priority: 3
X-MSMail-Priority: Normal
X-zuka.net-MailScanner-Information: Please contact the ISP for more
information
X-zuka.net-MailScanner: Found to be infected
X-zuka.net-MailScanner-SpamCheck: spam, SpamAssassin (score=8.8, required 6,
 BAYES_00 -2.60, FORGED_RCVD_HELO 0.00, MIME_BOUND_NEXTPART 0.69,
 MIME_MISSING_BOUNDARY 1.99, MISSING_MIMEOLE 1.83,
 MISSING_SUBJECT 1.16, MSGID_FROM_MTA_ID 2.43, NO_REAL_NAME 0.24,
 PRIORITY_NO_NAME 1.25, RCVD_IN_NJABL_DUL 1.71,
 RCVD_IN_SORBS_DUL 0.09)
X-zuka.net-MailScanner-SpamScore: 8
X-MailScanner-From: humanedurham@xxxxxxxxxxxxxxx
 
Could someone give me their opinion of what is going on here and perhaps
direct me to a good clear tutorial or resource for understanding how mail
gets spoofed etc.? I have the O'Reilly Sendmail book but it is not really
focused on these problems and I really would like to understand how to read
these headers to determine what is really going on.
 
Cheers
 
Dave
 
_______________________________________________
LinuxManagers mailing list - http://www.linuxmanagers.org
submissions: LinuxManagers@xxxxxxxxxxxxxxxxx
subscribe/unsubscribe: http://www.linuxmanagers.org/mailman/listinfo/linuxmanagers
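
An added example, not part of the original post: in the sendmail-style Received line quoted above, the name after "from" is whatever the connecting client said in HELO, while the parenthesised host name and bracketed IP are what the receiving server itself observed, so the two can be compared. The function names are hypothetical and the regex assumes the layout shown in the post.

```python
import re
from email import message_from_string

# Received header copied from the post above (addresses redacted by the archive).
SAMPLE = """\
Received: from zuka.net
 (CPE0000e89b2063-CM013020004996.cpe.net.cable.rogers.com [24.43.155.113])
 by rosewood.zuka.net (8.12.11/8.12.11) with ESMTP id i7RM3X6m024503
 for <webmaster@xxxxxxxx>; Fri, 27 Aug 2004 18:03:34 -0400
From: humanedurham@xxxxxxxxxxxxxxx

"""

# Assumed layout: from <HELO name> (<reverse DNS> [<peer IP>]) by <recording host>
# HELO is client-supplied; reverse DNS and IP were observed by the recording host.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]"
    r".*?\sby\s+(?P<by>\S+)", re.I)

def parse_received(value):
    """Split one Received value into claimed (helo) and observed (rdns, ip) parts."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
    return m.groupdict() if m else None

def same_domain(host, domain):
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_hop(hop, my_domain):
    """Findings for one hop; only hops written by our own server are trusted."""
    if not same_domain(hop["by"], my_domain):
        return ["hop not recorded by our server; every field is unverified"]
    rdns = hop["rdns"] or ""
    if same_domain(hop["helo"], my_domain) and not same_domain(rdns, my_domain):
        return ["HELO claims %s but peer is %s [%s]"
                % (hop["helo"], rdns or "no rDNS", hop["ip"])]
    return []

def analyze(raw, my_domain):
    """Parse every Received header; the topmost one was added last."""
    msg = message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    return [(h, check_hop(h, my_domain)) for h in hops if h]

if __name__ == "__main__":
    for hop, findings in analyze(SAMPLE, "zuka.net"):
        print(hop, findings)
```

Received lines below the first one written by your own server were supplied by the sender's side and can contain anything, which is why the check refuses to draw conclusions from them.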
