> I have an issue where spam is being sent through Squirrel Mail by using a
> valid user's account. asulfsted@xxxxxxxxx is a valid user on our server.
> Our mail server address is 216.23.70.55. What concerns me, is this :
>
> Received: from 81.199.161.117.ipplanet.net ([81.199.161.117])
> (SquirrelMail authenticated user asulfsted)
> by mail.comey.com with HTTP

It is very likely forged.

> Any suggestions would be greatly appreciated.
> Here are the headers in full:
>
> HEADERS:
>
> Return-Path: <asulfsted@xxxxxxxxx>
> Received: from rly-mf03.mail.aol.com (rly-mf03.mail.aol.com
> [172.20.29.173]) by air-mf10.mail.aol.com (v115.11) with ESMTP id
> MAILINMF104-94c465adf06203; Mon, 28 May 2007 09:54:32 -0400
> Received: from mail2.comey.com (mail2.comey.com [216.23.70.55]) by
> rly-mf03.mail.aol.com (v115.13) with ESMTP id
> MAILRELAYINMF032-94c465adf06203; Mon, 28 May 2007 09:54:15 -0400

The above "received" header is the only one you can trust, since your
receiving mail server put it there. Every "received" header below is
likely to be forged so you can't trust them. All other headers may also
be forged.

> Received: from mail2.comey.com (localhost.localdomain [127.0.0.1])
> by mail2.comey.com (8.13.3/8.13.3) with ESMTP id l4SDsD4D020637 for
> <jdavechase@xxxxxxx>; Mon, 28 May 2007
> 09:54:14 -0400
> Received: (from www@localhost)
> by mail2.comey.com (8.13.3/8.13.3/Submit) id l4SDsBjG020625; Mon, 28 May
> 2007 09:54:11 -0400
> Received: from 81.199.161.117.ipplanet.net ([81.199.161.117])
> (SquirrelMail authenticated user asulfsted)
> by mail.comey.com with HTTP; Mon, 28 May 2007 09:54:11 -0400 (EDT)
> Message-ID: <3101.81.199.161.117.1180360451.squirrel@xxxxxxxxxxxxxx>
> Date: Mon, 28 May 2007 09:54:11 -0400 (EDT)
> Subject: Notification Letter!!
> From: asulfsted@xxxxxxxxx
> Reply-To: agent_frank7@xxxxxxxxxxx
> User-Agent: SquirrelMail/1.4.4
> MIME-Version: 1.0
> Content-Type: text/plain;charset=iso-8859-1
> X-Priority: 3 (Normal)
> Importance: Normal
> Content-Transfer-Encoding: quoted-printable
> X-MIME-Autoconverted: from 8bit to quoted-printable by mail2.comey.com
> id l4SDsD4D020637
> X-AOL-IP: 216.23.70.55
> X-AOL-SCOLL-SCORE: 0:2:494944716:6710886
> X-AOL-SCOLL-URL_COUNT: 0

Also see <http://squirrelmail.org/docs/user/user-3.html#ss3.1>.

Sincerely,
Fredrik
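
The rule in the reply above, as an added example that is not part of the original thread: walk the Received headers from the top and stop trusting at the first one not written by a server on the receiving side. The header text is copied from the quoted message; treating the two AOL hosts as the receiving side is an assumption, as are the function names.

```python
import re
from email import message_from_string

# Received headers copied from the message quoted above (redactions kept as-is).
RAW = """\
Received: from rly-mf03.mail.aol.com (rly-mf03.mail.aol.com [172.20.29.173])
    by air-mf10.mail.aol.com (v115.11) with ESMTP id MAILINMF104-94c465adf06203;
    Mon, 28 May 2007 09:54:32 -0400
Received: from mail2.comey.com (mail2.comey.com [216.23.70.55])
    by rly-mf03.mail.aol.com (v115.13) with ESMTP id MAILRELAYINMF032-94c465adf06203;
    Mon, 28 May 2007 09:54:15 -0400
Received: from mail2.comey.com (localhost.localdomain [127.0.0.1])
    by mail2.comey.com (8.13.3/8.13.3) with ESMTP id l4SDsD4D020637 for <jdavechase@xxxxxxx>;
    Mon, 28 May 2007 09:54:14 -0400
Received: (from www@localhost)
    by mail2.comey.com (8.13.3/8.13.3/Submit) id l4SDsBjG020625;
    Mon, 28 May 2007 09:54:11 -0400
Received: from 81.199.161.117.ipplanet.net ([81.199.161.117])
    (SquirrelMail authenticated user asulfsted)
    by mail.comey.com with HTTP; Mon, 28 May 2007 09:54:11 -0400 (EDT)
"""
# Assumption: the recipient's own mail servers, i.e. the hosts whose stamps are believed.
TRUSTED = {"air-mf10.mail.aol.com", "rly-mf03.mail.aol.com"}

BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def classify_hops(raw, trusted_hosts):
    """Return one dict per Received header, newest first. A hop is trusted only
    if it and every header above it were stamped by a host in trusted_hosts."""
    hops, chain_ok = [], True
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # undo header folding
        by = BY_RE.search(flat)
        by_host = by.group(1).lower() if by else None
        chain_ok = chain_ok and by_host in trusted_hosts
        ip = IP_RE.search(flat)
        hops.append({"by": by_host, "peer_ip": ip.group(1) if ip else None,
                     "trusted": chain_ok})
    return hops

def last_verified_peer(hops):
    """Peer IP recorded by the deepest trusted hop: the only verified sender address."""
    trusted = [h for h in hops if h["trusted"]]
    return trusted[-1]["peer_ip"] if trusted else None

if __name__ == "__main__":
    for hop in classify_hops(RAW, TRUSTED):
        print(hop)
```

With these inputs the verified peer is 216.23.70.55, the same address the receiving side recorded in X-AOL-IP; the 81.199.161.117 hop sits below the trust boundary.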