[Esa-l] Weird E-Mail

Jason Jordan esa-l at pcguru.com.au
Tue May 1 02:43:02 PDT 2001


I've received two very weird e-mails in the last two days.

Both were addressed to a user at my domain that does not exist... I
won't include the full text but the content looks like a brute force
username test against HotMail... *weird*.

Anyway - I noticed both emails had forged route host names... 

Is it possible to block when the claimed host name doesn't match the
resolved one?  Is it dumb? 

Received: by swami.pcguru.com.au (mbox jas)
 (with Cubic Circle's cucipop (v1.31 1998/05/13) Tue May  1 17:23:13
2001)
X-From_: MAILER-DAEMON at swami.pcguru.com.au  Tue May  1 15:41:31 2001
Return-Path: <MAILER-DAEMON at swami.pcguru.com.au>
Received: from iris1.iris-system.com (nstnt6.szptt.net.cn
[202.104.108.161] (may be forged))
	by swami.pcguru.com.au (8.11.2/8.11.0) with ESMTP id f417fMU16923
	for <cokoso62 at pcguru.com.au>; Tue, 1 May 2001 15:41:29 +0800
From: postmaster at iris1.iris-system.com
To: cokoso62 at pcguru.com.au
Date: Tue, 1 May 2001 15:27:39 +0800
MIME-Version: 1.0
X-Security: MIME headers sanitized on swami.pcguru.com.au
	See http://www.impsec.org/email-tools/procmail-security.html
	for details. $Revision: 1.129 $Date: 2001-04-14 20:20:43-07 
Content-Type: multipart/report; report-type=delivery-status;
	boundary="9B095B5ADSN=_01C0B81C87260920000101CAiris1.iris?syste"
Message-ID: <wr2UAaTzv0000ad2f at iris1.iris-system.com>
Subject: Delivery Status Notification (Delay)

Cheers, Jas
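
An added example, not part of the original post: a small Python parser for the sendmail-style Received: line quoted above, which pulls out the claimed (HELO) name, the name the receiving server resolved for the connecting IP, and the "(may be forged)" marker, then reports whether claimed and resolved names differ. The function names are hypothetical; the first sample is the header from the post, the others in the test are constructed.

```python
import re

# Sendmail-style trace: from <HELO name> (<resolved name> [<IP>] (may be forged))
# The resolved name is absent when the IP has no reverse DNS entry.
RECEIVED_RE = re.compile(
    r"\bfrom\s+(?P<helo>\S+)\s+\("
    r"(?:(?P<rdns>[^\s\[\]()]+)\s+)?"
    r"\[(?P<ip>[0-9A-Fa-f.:]+)\]"
    r"(?P<forged>\s+\(may be forged\))?\s*\)"
)

def unfold(header: str) -> str:
    """Join folded (or archive re-wrapped) lines of one header into one line."""
    return re.sub(r"\r?\n[ \t]*", " ", header.strip())

def analyse_received(header: str):
    """Return claimed vs. resolved host data for one Received: header.

    Returns None for hops without a 'from' clause (e.g. local delivery).
    """
    m = RECEIVED_RE.search(unfold(header))
    if m is None:
        return None
    helo = m.group("helo").lower().rstrip(".")
    rdns = (m.group("rdns") or "").lower().rstrip(".")
    return {
        "helo": helo,                      # name the client claimed
        "rdns": rdns or None,              # name the server resolved for the IP
        "ip": m.group("ip"),
        # sendmail adds this when the resolved name does not map back to the IP
        "may_be_forged": m.group("forged") is not None,
        # claimed name differs from resolved name; legitimate servers can also
        # trip this, so it is better treated as a signal than as sole grounds
        # for rejecting mail
        "helo_mismatch": bool(rdns) and helo != rdns,
    }

# Header copied from the post above.
SAMPLE = """Received: from iris1.iris-system.com (nstnt6.szptt.net.cn
[202.104.108.161] (may be forged))
\tby swami.pcguru.com.au (8.11.2/8.11.0) with ESMTP id f417fMU16923"""

if __name__ == "__main__":
    print(analyse_received(SAMPLE))
```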


