Loading ...
Sorry, an error occurred while loading the content.

262343Re: trusted ip address spoofed (Logs) ?

Expand Messages
  • Jim Wright
    Feb 1, 2010
    • 0 Attachment
      On Feb 1, 2010, at 2:17 AM, Dimitrios Karapiperis wrote:

      I attach some pieces of logs for better understanding

      Feb  1 08:44:18 smtp postfix/smtpd[17200]: connect from serial.domain.tld[111.222.333.444]
      Feb  1 08:44:18 smtp postfix/qmgr[27864]: 88B76180FE: from=<mjandsvaw@...>, size=1997, nrcpt=2 (queue active)
      Feb  1 08:44:18 smtp amavis[17227]: (17227-16) Passed SPAM, ORIGINATING LOCAL [111.222.333.444] [xxx.yyy.zzz.jjj] <mjandsvaw@...> -> <gu_has@...>,<guido      .bergwitz@...>, Message-ID: <016d01caa309$f8d25ed0$be63cdd4@BNSXLDC>, mail_id:  VSiSm3-q73CN, Hits: 6.947, size: 1589, queued_as: 88B76180FE, 119 ms
      Feb  1 08:44:18 smtp postfix/smtp[17274]: 3CDEA180FD: to=<gu_has@...>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.37, delays=0.25/0/0/0.12, dsn=2.0.0, status=sent (2      50 2.0.0 Ok, id=17227-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 88B76180FE)
      Feb  1 08:44:18 smtp postfix/smtp[17274]: 3CDEA180FD: to=<guido.bergwitz@...>, relay=127.0.0.1[127.0.0.1]:10026, delay=0.37, delays=0.25/0/0/0.12, dsn=2.0.0, status      =sent (250 2.0.0 Ok, id=17227-16, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 88B76180FE)
      Feb  1 08:44:18 smtp postfix/qmgr[27864]: 3CDEA180FD: removed

      Examine the logs from 111.222.333.444 and find out how that message was delivered there, if the message is spam, and it was delivered by a trusted source, then you need to see how it arrived there.

    • Show all 2 messages in this topic