[Esa-l] Weird E-Mail
Jason Jordan
esa-l at pcguru.com.au
Tue May 1 02:43:02 PDT 2001
I've received two very weird e-mails in the last two days.
Both were addressed to a user at my domain that does not exist... I
won't include the full text but the content looks like a brute force
username test against HotMail... *weird*.
Anyway - I noticed both emails had forged route host names...
Is it possible to block when the claimed host name doesn't match the
resolved one? Is it dumb?
Received: by swami.pcguru.com.au (mbox jas)
(with Cubic Circle's cucipop (v1.31 1998/05/13) Tue May 1 17:23:13
2001)
X-From_: MAILER-DAEMON at swami.pcguru.com.au Tue May 1 15:41:31 2001
Return-Path: <MAILER-DAEMON at swami.pcguru.com.au>
Received: from iris1.iris-system.com (nstnt6.szptt.net.cn
[202.104.108.161] (may be forged))
by swami.pcguru.com.au (8.11.2/8.11.0) with ESMTP id f417fMU16923
for <cokoso62 at pcguru.com.au>; Tue, 1 May 2001 15:41:29 +0800
From: postmaster at iris1.iris-system.com
To: cokoso62 at pcguru.com.au
Date: Tue, 1 May 2001 15:27:39 +0800
MIME-Version: 1.0
X-Security: MIME headers sanitized on swami.pcguru.com.au
See http://www.impsec.org/email-tools/procmail-security.html
for details. $Revision: 1.129 $Date: 2001-04-14 20:20:43-07
Content-Type: multipart/report; report-type=delivery-status;
boundary="9B095B5ADSN=_01C0B81C87260920000101CAiris1.iris?syste"
Message-ID: <wr2UAaTzv0000ad2f at iris1.iris-system.com>
Subject: Delivery Status Notification (Delay)
Cheers, Jas
More information about the esd-l
mailing list