brantgurga Posted April 5, 2009 Share Posted April 5, 2009 I've been receiving spam where the headers indicate a different receiving system than they should. This is an example: http://www.spamcop.net/sc?id=z2761826631zc...244246e31bde99z Is that even possible since I believe headers are supposed to be added on in order so any forgeries would have to be after my mailhosts? In this example, this header in the middle appears to be legitimate: Received: from rhspam.rose-hulman.edu (22.214.171.124) by exchange.rose-hulman.edu (126.96.36.199) with Microsoft SMTP Server (TLS) id 8.1.340.0; Sun, 5 Apr 2009 10:33:24 -0400 That is our 'spam firewall' handing off the message to the Exchange server. However, there are a bunch of headers after that. Would that indicate that something in our mail system is compromised? Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.