Hi.
I have 2 email address
pelle[at]example1.com
pelle[at]example2.com
pelle[at]example1.com has MX record :mail1.otherISP.com but is redirected there to pelle[at]example2.com which is hosted by me by the mailserver mail.example2.com
so when I get spam to pelle[at]example1.com---redirect--->pelle[at]example2.com
spamcop wrongfully says that mail1.otherISP.com is the originator?
here is a modified header:
Return-path: <e_blevinsuh[at]afloat.demon.co.uk>
Envelope-to: pelle[at]example2.com --->modified
Delivery-date: Fri, 30 Jan 2004 13:33:16 +0100
Received: from [190.21.97.18] (helo=mail1.otherISP.com) --->modified
by mail.example2.com with esmtp (Exim 3.22 #1) --->modified
id 1AmXpk-00000n-00
for pelle[at]example2.com; Fri, 30 Jan 2004 13:33:16 +0100 --->modified
Received: from [62.43.75.24] (helo=cfs.nrcan.gc.ca)
by mail1.otherISP.com with esmtp (Exim 4.24) --->modified
id 1AmXec-0005RY-Db
for pelle[at]example1.com ; Fri, 30 Jan 2004 13:21:50 +0100 --->modified
Message-ID: <NGCDCKJKPCBIPLBAFDEOBLDDIJAA.e_blevinsuh[at]afloat.demon.co.uk>
From: "Elton Blevins" <e_blevinsuh[at]afloat.demon.co.uk>
To: pelle[at]example1.com --->modified
Subject: turn your spud into a stud!
Date: Fri, 30 Jan 2004 10:17:17 +0000
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: base64
the spam really originated from [62.43.75.24] (helo=cfs.nrcan.gc.ca) (this is the only thing UNmodified in the example above)
My friend owns the company otherISP.com:) and I have checked for open relays, bur there arent any. They use SMTP authentication also.
My own mailserver is also checked thoroughly.
can anyone explain this?
sorry for the bad highschool english:)
/pelle