Tim P
Posted September 2, 2005

This is a 419 spam, which is being misparsed as "too-old". It is not the first one that I have had. Why is the parser accepting garbage lines with old dates??

http://mailsc.spamcop.net/sc?id=z802345019...9624e628007644z

Particularly see this:

Received: from smtp.mailix.net ([184.108.40.206]) by ibm36aec.bellsouth.net with ESMTP id <20050902200831.GXEJ12677.ibm36aec.bellsouth.net[at]smtp.mailix.net>; Fri, 2 Sep 2005 16:08:31 -0400

Next hop:

Received: from [192.168.8.8] (helo=localhost) by smtp.mailix.net with asmtp (Exim 4.24-H) id 1E3txK-0005MC-C7; Sat, 13 Aug 2005 04:13:38 -0700

"Sat, 13 Aug 2005 04:13:38 -0700" <- WRONG

My hosts file is configured properly and has been since its inception. Pay particular attention to the Bellsouth header. That is my mailhost's server, which has the proper time stamp. The next received header is not giving the proper date and time, and it should at least be ignored. It looks like either a forged line or a config problem at that mailserver.

The parser accepted the date from that last header above as a valid date. That is wrong, since my mailserver didn't get any email until today; the date should be trusted *only* at my mailserver.

But even so, why is that last line being trusted? "Received: from [192.168.8.8] (helo=localhost)" being reported by a supposed trusted server (if "smtp.mailix.net" is trusted, that is). That should automatically throw it out as garbage since there is no valid source IP being recorded. In other words, a mailserver will record the source IP correctly at the SMTP transaction, but nobody would expect a "local net IP". Indeed, that connection should have been rejected outright.

Since there has been some recent conversation on forged dates, too old to report spam, I am inclined to believe that a spammer has found an exploit.

Do the deputies confer?

Tim P
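The check the post asks for, as an added example (not part of the original post and not SpamCop's parser): take the receipt date only from the recipient's own mailhost, and flag downstream Received lines that record a private source IP or a date far from that receipt. The trusted suffix list, the two-day skew limit and the function names are assumptions made for the illustration.

```python
import re
import ipaddress
from email.utils import parsedate_to_datetime

# The two Received header values quoted in the post, newest first.
HEADERS = [
    "from smtp.mailix.net ([184.108.40.206]) by ibm36aec.bellsouth.net with ESMTP id "
    "<20050902200831.GXEJ12677.ibm36aec.bellsouth.net[at]smtp.mailix.net>; "
    "Fri, 2 Sep 2005 16:08:31 -0400",
    "from [192.168.8.8] (helo=localhost) by smtp.mailix.net with asmtp (Exim 4.24-H) "
    "id 1E3txK-0005MC-C7; Sat, 13 Aug 2005 04:13:38 -0700",
]
TRUSTED_SUFFIXES = (".bellsouth.net",)  # assumption: the recipient's own mailhosts


def parse_received(value):
    """Split one Received value into recording host, source IP and timestamp."""
    body, _, stamp = value.rpartition(";")
    by = re.search(r"\bby\s+(\S+)", body)
    # Only look for the bracketed source IP in the "from" clause, before " by ".
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", body.split(" by ")[0])
    return {
        "by": by.group(1).lower() if by else None,
        "ip": ipaddress.ip_address(ip.group(1)) if ip else None,
        "date": parsedate_to_datetime(stamp.strip()),
    }


def trusted_receipt(headers, max_skew_days=2):
    """Return (receipt_date, notes). The date comes from the last consecutive
    trusted hop counting from the top; lower hops can only produce notes."""
    hops = [parse_received(h) for h in headers]
    edge = None
    for i, hop in enumerate(hops):
        if not (hop["by"] and hop["by"].endswith(TRUSTED_SUFFIXES)):
            break
        edge = i
    if edge is None:
        raise ValueError("topmost Received header is not from a trusted host")
    receipt, notes = hops[edge]["date"], []
    for hop in hops[edge + 1:]:
        if hop["ip"] is None or hop["ip"].is_private or hop["ip"].is_loopback:
            notes.append(f"{hop['by']}: no routable source IP recorded")
        skew = abs(receipt - hop["date"]).days
        if skew > max_skew_days:
            notes.append(f"{hop['by']}: date is {skew} days from trusted receipt")
    return receipt, notes
```
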