Security Basics mailing list archives

Spam Mail Curiosity


From: info () hitcon de
Date: Wed, 25 Feb 2009 12:37:06 +0100


Does anyone know or have a clue how mails like the one in the log (below)
could pass a mail server (Lotus Domino)? I thought that mails (non
RFC-conformant) would be blocked by default?
As you can see, the originator has no sender address or something... I
compared that one with a general mail and realized that usually the mails
have an originator like someone@domain.toplevel...

21.02.2009 09:13:14   SMTP Server: 200-32-8-221.prima.net.ar (200.32.8.221) connected
21.02.2009 09:13:15   SMTP Server: SYSTEM (89.165.16.212) connected
21.02.2009 09:13:16   SMTP Server: Originator: <Watches>
21.02.2009 09:13:16   SMTP Server: Recipient: <hotline () ourdomain de>
21.02.2009 09:13:17   SMTP Server: Message 002D2959 (MessageID: <001001c615da$f54918a0$0395d78c@system>) received from SYSTEM (89.165.16.212) size 2402 bytes
21.02.2009 09:13:17   Router: Message 002D2959, 002D2959 forwarded to hotline/hitcon@HITCON from Watches OFAFB6624F:1FAA8008 ONC1257564:002D2959
21.02.2009 09:13:17   SMTP Server: SYSTEM (89.165.16.212) disconnected. 1 message[s] received

Received:  from gpf.com ([89.165.16.212])          by mail.ourdomain.de with ESMTP id 2009022109131633-7043 ;          Sat, 21 Feb 2009 09:13:16 +0100
From:  "Benjamin Burch" <Watches>
SendTo:  "Hotline" <hotline () ourdomain de>
Subject:  Exquisite Replica
MIME_Version:  1.0
X_MSMail_Priority:  Normal
$Mailer:  Microsoft Outlook Express 6.00.3790.1409
X_MimeOLE:  Produced By Microsoft MimeOLE V6.00.3790.181
$INetOrig:  06B7F66FAC14D17AF97B7FFED37F1771
$Created:  10.01.2006 08:36:51
TNEFEvaluated:  1
SMTPOriginator:  Watches
$TKAttaConversion:  DONE 0.000sec
$Orig:  AFB6624F1FAA8008C1257564002D2959
$MessageID:  <001001c615da$f54918a0$0395d78c@system>



HITCON AG
Maik Linnemann
Gartenstraße 208
48143 Münster
+49 (251) 2801-205 (Phone)
+49 (251) 2801-280 (Fax)
+49 (170) 6364-205 (Mobile)
mailto:info () hitcon de
http://www.hitcon.de

Members of the Executive Board: Helmut Holtstiege, Tobias Helling
Chairman of the Supervisory Board: Hans-Hermann Schumacher

Registered office: Münster
Court of registration: Amtsgericht Münster, HRB 5177

member of http://www.grouplink.de
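
One way to flag such messages in a Domino console log is sketched below; this is an added example, not part of the original post. The function names, the simplified address check and the sample lines are assumptions, and it assumes the Originator, Recipient and "received from" lines of one message are not interleaved with another session's.

```python
import re

# Line shapes follow the Domino console log quoted in the post.
ORIGINATOR = re.compile(r"SMTP Server: Originator: <(.*?)>")
RECIPIENT = re.compile(r"SMTP Server: Recipient: <(.*?)>")
RECEIVED = re.compile(r"SMTP Server: Message (\w+) .*received from (\S+) \(([\d.]+)\)")
# Simplified addr-spec (assumption): dot-atom local part, dotted domain ending in a TLD.
ADDR_SPEC = re.compile(r"^[A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}$")


def classify_originator(value):
    """Classify the reverse-path that the server logged as Originator."""
    if value == "":
        return "null-sender"  # MAIL FROM:<> is legal and used for bounces
    return "valid" if ADDR_SPEC.match(value) else "malformed"


def find_malformed(log_lines):
    """Return one finding per accepted message whose originator is malformed."""
    findings, originator, recipients = [], None, []
    for line in log_lines:
        if m := ORIGINATOR.search(line):
            originator, recipients = m.group(1), []
        elif m := RECIPIENT.search(line):
            recipients.append(m.group(1))
        elif (m := RECEIVED.search(line)) and originator is not None:
            if classify_originator(originator) == "malformed":
                findings.append({"message": m.group(1), "peer": m.group(3),
                                 "originator": originator, "recipients": recipients})
            originator, recipients = None, []
    return findings


# Constructed sample: the first message mirrors the post, the other two are invented.
SAMPLE_LOG = [
    "21.02.2009 09:13:16   SMTP Server: Originator: <Watches>",
    "21.02.2009 09:13:16   SMTP Server: Recipient: <hotline@ourdomain.example>",
    "21.02.2009 09:13:17   SMTP Server: Message 002D2959 (MessageID: <001001c615da$f54918a0$0395d78c@system>) received from SYSTEM (89.165.16.212) size 2402 bytes",
    "21.02.2009 09:20:01   SMTP Server: Originator: <alice@partner.example>",
    "21.02.2009 09:20:01   SMTP Server: Recipient: <hotline@ourdomain.example>",
    "21.02.2009 09:20:02   SMTP Server: Message 002D3A10 (MessageID: <constructed-1@partner.example>) received from mx.partner.example (192.0.2.10) size 1800 bytes",
    "21.02.2009 09:25:40   SMTP Server: Originator: <>",
    "21.02.2009 09:25:40   SMTP Server: Recipient: <hotline@ourdomain.example>",
    "21.02.2009 09:25:41   SMTP Server: Message 002D3B22 (MessageID: <constructed-2@relay.example>) received from relay.example (192.0.2.20) size 900 bytes",
]

if __name__ == "__main__":
    print(find_malformed(SAMPLE_LOG))
```

The empty reverse-path is reported separately rather than as malformed, because bounce messages legitimately use it.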