[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Bad mail getting through.
- Subject: [cobalt-security] Bad mail getting through.
- From: David Lucas <david@xxxxxxxxxxxxxxxx>
- Date: Tue, 23 Apr 2002 23:45:42 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
OK, I need some help.
This email made it through (with the Klez virus)
I see the space at the end of the from address.
I have many "Relaying denied. Please check your mail first." with this ip
today (24.207.16.73)
Most have different froms and tos.
The receipent is bogus, but mine. It belongs to me but has never been
used. (it was harvested and goes to the catchall)
As the from was invalid with the extra space at the end, why did this email
not get rejected as being relayed. Others today were.
I am getting email returned that was never sent with one of my addresses as
the sender.
Apr 23 20:35:18 www sendmail[11539]: g3O1ZB211539: from=<cs@xxxxxxxxxx >,
size=152811, class=0, nrcpts=1,
msgid=<200204240135.g3O1ZB211539@xxxxxxxxxxxxxxxxxxxx>, proto=SMTP,
daemon=MTA, relay=h24-207-16-73.cst.dccnet.com [24.207.16.73]
Apr 23 20:35:19 www sendmail[11559]: g3O1ZB211539: to=<tags@xxxxxxxxxx>,
ctladdr=<cs@xxxxxxxxxx > (116/100), delay=00:00:08, xdelay=00:00:01,
mailer=local, pri=182664, dsn=2.0.0, stat=Sent
Can someone really help here. Over the last week or two, I have really
started to get hammered by email like this. This particular one include
the Klez virus.