Spam reported from us not from us? (bogus Received: lines?)
I got _53_ SpamCop complaints forwarded to me this morning by DV2-abuse for one of my servers. Some server info:
Plesk 2.x with Qmail mta, uses a mail relay to spool all outgoing email at
mail-relay.genericdns.com so all mail should show this, but these spam don't, plus I've scoured the maillogs for ANYTHING from these headers, IPs, From: lines, everything, and NONE of them are found in the logs. At this point I can't find ANYTHING to show this email originated with us, but the headers in the email show it as coming from us.
And (granted I don't spend hours reading mail headers) is it normal for a "Received" line to be found BELOW the From: To: lines? Just looked odd; here's a header from one of the complaints.
Also, this shows received from 127.0.0.1 AND 209.51.150.9 (our server) in the header.
Any help at all deciphering what's going on would be helpful.
Header:
Return-Path: <ghgh@gremio.com>
Received: from localhost (localhost [127.0.0.1])
by mx.sitadelle.com (Postfix) with ESMTP id 91FFE76F21
for <x>; Sat, 7 Jun 2003 00:02:43 +0200 (CEST)
X-Envelope-To: x
X-Quarantine-id:
<spam-01478ee4c7594a7715cf078b5d92a0f1-20030607-000243-07139-01>
Received: from dns.poczta.poznan.pl (dns.poczta.poznan.pl [195.216.115.10])
by mx.sitadelle.com (Postfix) with SMTP id EF80276F1C
for <x>; Sat, 7 Jun 2003 00:02:41 +0200 (CEST)
Received: from www1.poczta.poznan.pl by dns.poczta.poznan.pl
via smtpd (for mx00.sitadelle.com [212.94.174.73]) with SMTP; 6
Jun 2003 22:02:41 UT
Received: from fw1.poczta.poznan.pl ([209.51.150.9]) by
dop-exch.POCZTA.POZNAN.PL with Microsoft SMTPSVC(5.0.2195.2966);
Fri, 6 Jun 2003 23:06:36 +0100
From: "Great Price" <ghgh@gremio.com>
To: "x" <x>
Received: from ns19a.genericdns.com ([209.51.150.9]) by fw1.poczta.poznan.pl
via smtpd (for www1.poczta.poznan.pl [10.160.0.32]) with SMTP; 6
Jun 2003 22:02:40 UT
Subject: Great Savings on Norton SystemWorks 2003 parrrotsh
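Added example (not from the original post or any poster): a small Python audit that runs three mechanical checks over the header quoted above. A relay always prepends its Received: field at the very top of the message, so a Received: that sits below From: and To: was already inside the message when it was handed in; the script flags that, then checks that each hop's "from" host matches the "by" host of the hop below it, that timestamps do not run backwards by more than a tolerance (clock drift between MTAs is normal, so the 120 second tolerance is an assumption, not a standard), and that one IP literal is not presented under two different host names. The header text is embedded as posted, re-folded with leading whitespace on the continuation lines so it parses; the recipient stays "x" as it was in the post.

```python
"""Audit a chain of Received: headers for hops that no relay on the real
delivery path could have written.  Added example, not from the original post."""
import re
from email.utils import parsedate_to_datetime

# Header block from the post above, continuation lines re-indented; the
# recipient is "x" because the post already redacted it.
HEADER = """\
Return-Path: <ghgh@gremio.com>
Received: from localhost (localhost [127.0.0.1])
    by mx.sitadelle.com (Postfix) with ESMTP id 91FFE76F21
    for <x>; Sat, 7 Jun 2003 00:02:43 +0200 (CEST)
X-Envelope-To: x
X-Quarantine-id:
    <spam-01478ee4c7594a7715cf078b5d92a0f1-20030607-000243-07139-01>
Received: from dns.poczta.poznan.pl (dns.poczta.poznan.pl [195.216.115.10])
    by mx.sitadelle.com (Postfix) with SMTP id EF80276F1C
    for <x>; Sat, 7 Jun 2003 00:02:41 +0200 (CEST)
Received: from www1.poczta.poznan.pl by dns.poczta.poznan.pl
    via smtpd (for mx00.sitadelle.com [212.94.174.73]) with SMTP; 6
    Jun 2003 22:02:41 UT
Received: from fw1.poczta.poznan.pl ([209.51.150.9]) by
    dop-exch.POCZTA.POZNAN.PL with Microsoft SMTPSVC(5.0.2195.2966);
    Fri, 6 Jun 2003 23:06:36 +0100
From: "Great Price" <ghgh@gremio.com>
To: "x" <x>
Received: from ns19a.genericdns.com ([209.51.150.9]) by fw1.poczta.poznan.pl
    via smtpd (for www1.poczta.poznan.pl [10.160.0.32]) with SMTP; 6
    Jun 2003 22:02:40 UT
Subject: Great Savings on Norton SystemWorks 2003 parrrotsh
"""

# Fields written by the sender's mail client, never inserted by a relay.
MESSAGE_FIELDS = {"from", "to", "cc", "subject", "date", "message-id", "reply-to", "sender"}
FROM_RE = re.compile(r"\bfrom\s+(\S+)\s*(\([^)]*\))?", re.I)
BY_RE = re.compile(r"\bby\s+(\S+)", re.I)
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def unfold_headers(raw):
    """Return the block as an ordered list of (name, value) with folded lines joined."""
    fields = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t" and fields:          # continuation of the previous field
            name, value = fields[-1]
            fields[-1] = (name, (value + " " + line.strip()).strip())
        else:
            name, _, value = line.partition(":")
            fields.append((name.strip(), value.strip()))
    return fields


def parse_received(value):
    """Extract the claimed sending host, its IP literal, the receiving host and the date."""
    m = FROM_RE.search(value)
    ip = IP_RE.search(m.group(2) or "") if m else None   # IP only from the from-clause comment
    by = BY_RE.search(value)
    ts = None
    if ";" in value:                                      # the date follows the last ';'
        try:
            ts = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        except (TypeError, ValueError):                    # missing or unparsable date
            ts = None
    return {"from_host": m.group(1).lower() if m else None,
            "from_ip": ip.group(0) if ip else None,
            "by": by.group(1).lower().rstrip(";") if by else None,
            "ts": ts}


def audit(raw, skew_tolerance=120):
    """Return (kind, message) findings; skew_tolerance (seconds, assumed) absorbs clock drift."""
    findings, hops, first_message_field = [], [], None
    for name, value in unfold_headers(raw):
        lname = name.lower()
        if lname == "received":
            if first_message_field:               # a relay prepends; it never writes below From:
                findings.append(("out-of-order",
                                 f"Received: below {first_message_field}: was not added by a relay: {value[:48]}..."))
            hops.append(parse_received(value))
        elif lname in MESSAGE_FIELDS and first_message_field is None:
            first_message_field = name
    # Hop N reads "from X by Y"; the hop below it reads "from A by B".  X should be B.
    for newer, older in zip(hops, hops[1:]):
        loopback = newer["from_host"] == "localhost" or (newer["from_ip"] or "").startswith("127.")
        if loopback and newer["by"] == older["by"]:
            continue                              # a host re-injecting to itself (content filter) is normal
        if newer["from_host"] and older["by"] and newer["from_host"] != older["by"]:
            findings.append(("chain-break",
                             f"{newer['by']} got the message from {newer['from_host']}, but the hop below was written by {older['by']}"))
        if newer["ts"] and older["ts"]:
            back = (older["ts"] - newer["ts"]).total_seconds()
            if back > skew_tolerance:
                findings.append(("clock", f"hop by {older['by']} is stamped {back:.0f}s after the hop that received from it"))
    # One IP literal presented under two different host names.
    names_by_ip = {}
    for hop in hops:
        if hop["from_ip"]:
            names_by_ip.setdefault(hop["from_ip"], set()).add(hop["from_host"])
    for ip, names in sorted(names_by_ip.items()):
        if len(names) > 1:
            findings.append(("ip-alias", f"{ip} is claimed to be both {' and '.join(sorted(names))}"))
    return findings


if __name__ == "__main__":
    for kind, msg in audit(HEADER):
        print(f"[{kind}] {msg}")
```

Run against the posted header, all four checks fire, and every finding points at the two lowest Received: lines, the ones that name 209.51.150.9: the bottom one sits below From: and To:, the hop above it hands off to a host that the hop above that never mentions, its timestamp is almost four minutes later than the hop that supposedly received from it, and 209.51.150.9 is labelled fw1.poczta.poznan.pl in one line and ns19a.genericdns.com in the other. The one finding the script deliberately does not raise is the topmost "from localhost" hop, which is mx.sitadelle.com passing the message through its own quarantine filter.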