Bronek Kozicki wrote: > Recently I received some complains on spam apparently sent from one of > my servers (Win2K + SP3 + recent hotfixes). The problem is that: [snip] > So here I'm, with spam holding my IP in lowest "Received:" header and no > traces. There are only two things I can think of: > 1. some leaky web form NOT using CDO/CDONT to send out messages (and > something else instead) > 2. Faerion IRC daemon ver. 1.17.6 . I installed it and configured for > handling only local chat sessions (not connected to any IRC network) If I don't misunderstand what you're writing, it could be as simple as a forged header, manually put there by the spammer. Are there many Received-headers? You can't trust any of them except maybe the topmost. By looking at more copies of the same spam, received by different users (at different places) you may be able to rule out some of the headers as forged. There are lots of info on this on the web. /R ---------------------------------------------------------------------------- <Pre>Lose another weekend managing your IDS? Take back your personal time. 15-day free trial of StillSecure Border Guard.</Pre> <A href="http://www.securityfocus.com/stillsecure"> http://www.securityfocus.com/stillsecure </A>
This archive was generated by hypermail 2b30 : Wed Mar 05 2003 - 08:31:34 PST