Re: [courier-users] How the hell was this spam delivered?
From: Sysop <sy...@fo...> - 2001-12-27 18:08:00
They buried the REAL destination in the headers, and spoofed the "To" field it looks like.

Tim Hosking wrote:

>on 27/12/01 12:39 pm, Sysop at sy...@fo... wrote:
>
>Look at the TO: field in the header. That address has nothing to do with my
>server. I do not host homelenders.com and I have no user called loanrep. I
>do not accept mail addressed to non-existent users.
>
>>How did you expect it NOT to get delivered? Everything looks cool, do
>>you not accept email from an unknown user or something? You can add
>>that person's domain into your bofh file, or just that account, but I
>>fail to see how you expect it NOT to get delivered.
>>
>>Tim Hosking wrote:
>>
>>>Hi.
>>>
>>>I just received a spam email from homelenders.com. Here are the headers:
>>>
>>>Delivered-To: ti...@tr...
>>>Return-Path: <lo...@ho...>
>>>Received: from smtp1.vol.cz (smtp1.vol.cz [195.250.128.73])
>>> (TLS: TLSv1/SSLv3,168bits,DES-CBC3-SHA)
>>> by OldPeculier with esmtp; Wed, 26 Dec 2001 22:32:11 -0500
>>>Received: from smtp2.vol.cz (smtp2.vol.cz [195.250.128.42])
>>> by smtp1.vol.cz (8.11.6/8.11.3) with ESMTP id fBR3cjB89493;
>>> Thu, 27 Dec 2001 04:38:45 +0100 (CET)
>>> (envelope-from lo...@ho...)
>>>Received: from homelenders.com (datelb-1-2-18.dialup.vol.cz [212.20.100.20])
>>> by smtp2.vol.cz (8.11.3/8.11.3) with SMTP id fBR3bkw12060;
>>> Thu, 27 Dec 2001 04:37:51 +0100 (CET)
>>> (envelope-from lo...@ho...)
>>>Date: Thu, 27 Dec 2001 04:37:51 +0100 (CET)
>>>Message-Id: <200...@sm...>
>>>Mime-Version: 1.0
>>>Content-Type: text/html; charset=us-ascii
>>>Content-Transfer-Encoding: 7bit
>>>From: lo...@ho...
>>>Reply-To: lo...@ho...
>>>To: lo...@ho...
>>>Subject: hassle-free home loans
>>>
>>>And here are the related lines from my maillog (sorry about the wrapping):
>>>
>>>Dec 26 22:32:09 OldPeculier courieresmtpd: started,ip=[195.250.128.73]
>>>Dec 26 22:32:14 OldPeculier courierd: newmsg,id=0000AD58.3C2A963C.00001851
>>>Dec 26 22:32:14 OldPeculier courierd:
>>>started,id=0000AD58.3C2A963C.00001851,from=<lo...@ho...>,module=
>>>local,host=tim!!20008!20008!/home/tim!!,addr=<tim>
>>>Dec 26 22:32:14 OldPeculier courierd: Waiting. shutdown time=none, wakeup
>>>time=none, queuedelivering=1, inprogress=1
>>>Dec 26 22:32:14 OldPeculier courierlocal:
>>>id=0000AD58.3C2A963C.00001851,from=<lo...@ho...>,addr=<tim@trhos
>>>king.com>,size=16516,success: Message delivered.
>>>Dec 26 22:32:15 OldPeculier courierd:
>>>completed,id=0000AD58.3C2A963C.00001851
>>>Dec 26 22:32:15 OldPeculier courierd: Waiting. shutdown time=Wed Dec 26
>>>23:18:21 2001, wakeup time=Wed Dec 26 23:18:21 2001, queuedelivering=0,
>>>inprogress=0
>>>
>>>How on earth did this message get accepted and delivered to a local account?
>>>I am running courier-0.36.1.
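An added example, not part of the thread and not Courier code: SMTP delivery follows the envelope recipient, which the final MTA records in Delivered-To, while To: is only message content. The script below uses a constructed message with placeholder addresses and a hypothetical `analyze` helper to report envelope recipients missing from To/Cc and Received hops whose HELO name differs from the reverse-DNS name.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed sample mirroring the shape of the headers in the post
# (addresses, hosts and IPs are placeholders, not values from the thread).
SAMPLE = """\
Delivered-To: tim@recipient.example
Return-Path: <loanrep@lender.example>
Received: from relay1.isp.example (relay1.isp.example [192.0.2.73])
 by mx.recipient.example with esmtp; Wed, 26 Dec 2001 22:32:11 -0500
Received: from lender.example (dial-18.dialup.isp.example [198.51.100.20])
 by relay1.isp.example with SMTP id abc123;
 Thu, 27 Dec 2001 04:37:51 +0100 (CET)
From: loanrep@lender.example
To: loanrep@lender.example
Subject: hassle-free home loans

body
"""

# Sendmail-style hop: "from <HELO name> (<reverse-DNS name> [<peer IP>])"
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9.]+)\]\)")

def analyze(raw):
    """Hypothetical helper: compare envelope vs. visible recipients, list hops."""
    msg = message_from_string(raw)
    # Delivered-To records the envelope recipient (RCPT TO) used for delivery.
    envelope = [a.lower() for _, a in getaddresses(msg.get_all("Delivered-To", []))]
    # To/Cc are content chosen by the sender; the MTA does not route on them.
    visible = {a.lower() for _, a in
               getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            helo, rdns, ip = m.groups()
            hops.append({"helo": helo, "rdns": rdns, "ip": ip,
                         "helo_mismatch": helo.lower() != rdns.lower()})
    return {
        "envelope_rcpt": envelope,
        "hidden_rcpt": [a for a in envelope if a not in visible],
        "hops": hops,  # newest hop first, as stored in the message
    }

if __name__ == "__main__":
    import pprint
    pprint.pprint(analyze(SAMPLE))
```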