[BlueOnyx:12450] Re: Forged mail getting through

Robert Fitzpatrick robert at webtent.org
Wed Mar 6 13:26:34 -05 2013


Dogsbody wrote:
> On 05/03/2013 14:44, Robert Fitzpatrick wrote:
>> I had several forged emails get through a BO 5106 server this morning
>> and am trying to figure out how they were allowed to be sent via the server...
>>
>> Mar  5 09:01:37 vnyxbo sendmail[18836]: r25E1F36018836:
>> from=<forged at domain.com>, size=299, class=0, nrcpts=1,
>> msgid=<201303051401.r25E1F36018836 at vnyxbo.webtent.net>, proto=ESMTP,
>> daemon=TLSMTA, relay=node-3ld.pool-101-51.dynamic.totbb.net [101.51.18.49]
>
> Grep your mail logs for the ID (r25E1F36018836) to see the whole mail's
> journey through your server.
>

Thanks, I did that already, but this is all I get....

[root at vnyxbo log]# grep r25E1F36018836 maillog.1
Mar  5 09:01:37 vnyxbo sendmail[18836]: r25E1F36018836: 
from=<user at domain.com>, size=299, class=0, nrcpts=1, 
msgid=<201303051401.r25E1F36018836 at vnyxbo.webtent.net>, proto=ESMTP, 
daemon=TLSMTA, relay=node-3ld.pool-101-51.dynamic.totbb.net [101.51.18.49]
Mar  5 09:01:37 vnyxbo sendmail[18874]: r25E1F36018836: 
to=<michelle.l.elliott at us.army.mil>, delay=00:00:02, xdelay=00:00:00, 
mailer=relay, pri=120299, relay=esmtp.webtent.net. [216.139.202.5], 
dsn=2.0.0, stat=Sent (Ok: queued as DE4C22E33F)

The second entry is it being delivered to the outgoing smarthost of that 
server. Does this show me how it was authorized?

Thanks, Robert


--
Robert <robert at webtent.org>
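
Added example, not part of the original thread: a queue-ID grep only returns the from=/to= lines, so this sketch also correlates the accepting sendmail PID with any SMTP AUTH line logged under that PID. It assumes sendmail writes "AUTH=server, relay=..., authid=..., mech=..." without a queue ID and only when LogLevel is above 9; the log lines, hosts and users are constructed, and how_accepted/client_addr are hypothetical helper names.

```python
import re

# Constructed sample in sendmail maillog format (hosts, users and IDs are made up).
SAMPLE_LOG = """\
Mar  5 09:01:35 mx1 sendmail[4001]: STARTTLS=server, relay=client.example.net [192.0.2.10], version=TLSv1/SSLv3, verify=NO, cipher=AES256-SHA, bits=256/256
Mar  5 09:01:36 mx1 sendmail[4001]: AUTH=server, relay=client.example.net [192.0.2.10], authid=alice, mech=LOGIN, bits=0
Mar  5 09:01:37 mx1 sendmail[4001]: r25E1F36004001: from=<alice@example.com>, size=299, class=0, nrcpts=1, msgid=<1@example.com>, proto=ESMTP, daemon=TLSMTA, relay=client.example.net [192.0.2.10]
Mar  5 09:01:37 mx1 sendmail[4010]: r25E1F36004001: to=<bob@example.org>, delay=00:00:02, mailer=relay, relay=smarthost.example.net. [192.0.2.25], dsn=2.0.0, stat=Sent (Ok: queued as ABC123)
Mar  5 09:05:00 mx1 sendmail[4100]: r25E5000004100: from=<carol@example.com>, size=512, class=0, nrcpts=1, msgid=<2@example.com>, proto=ESMTP, daemon=MTA, relay=other.example.net [198.51.100.7]
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ sendmail\[(\d+)\]: (.*)$")
FROM = re.compile(r"^(\w+): from=<[^>]*>.*\brelay=(.+)$")
AUTH = re.compile(r"^AUTH=server, relay=(.+?), authid=([^,]+), mech=([^,]+)")
ADDR = re.compile(r"\[([^\]]+)\]")

def client_addr(relay):
    # Compare on the bracketed address; the hostname part of relay= can vary.
    m = ADDR.search(relay)
    return m.group(1) if m else relay

def how_accepted(log_text, qid):
    """Return who handed message `qid` to sendmail and whether SMTP AUTH was logged."""
    auth_by_pid = {}  # pid -> (relay, authid, mech) from the latest AUTH line
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        pid, body = m.groups()
        a = AUTH.match(body)
        if a:
            auth_by_pid[pid] = a.groups()
            continue
        f = FROM.match(body)
        if f and f.group(1) == qid:
            relay = f.group(2)
            result = {"pid": pid, "relay": relay, "authid": None, "mech": None}
            auth = auth_by_pid.get(pid)
            # PIDs get reused, so accept the AUTH line only if the client address matches.
            if auth and client_addr(auth[0]) == client_addr(relay):
                result["authid"], result["mech"] = auth[1], auth[2]
            return result
    return None  # queue ID not present in this log

if __name__ == "__main__":
    print(how_accepted(SAMPLE_LOG, "r25E1F36004001"))
```

An authid of None means no AUTH line was logged under that PID for that client, which can also mean the log level was too low to record it.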


