SPAM header question


ryount
08-19-2002, 12:20 PM
I just received this spam. The headers aren't what I am used to seeing. Our domain is prov.com. I went to report it on spamcop and it showed that our ip had already been submitted for relay testing. Is there something I should be concerned about here? Thanks.

Return-Path: <zerodown@century21ran.com>
Delivered-To: xprov-x@prov.com
Received: (qmail 8415 invoked from network); 19 Aug 2002 15:03:24 -0000
Received: from lola.futurequest.net (63.236.214.2)
by pt01.futurequest.net (63.151.147.170) with SMTP; 19 Aug 2002 15:03:24 -0000
Received: (qmail 32721 invoked from network); 19 Aug 2002 15:03:23 -0000
Received: from prov.com (63.236.214.110)
by lola.futurequest.net (63.236.214.2 ); 19 Aug 2002 15:03:23 -0000
Received: from unknown (HELO century21ran.com) (68.129.17.128)
by prov.com (63.236.214.110) with ESMTP; 19 Aug 2002 15:03:23 -0000
From: "B&T" <zerodown@century21ran.com>
Subject: EVERYONE NEEDS A PLACE TO LIVE (ADV)
To: x@prov.com
Content-Type: text/plain;charset="US-ASCII"
Reply-To: zerodown@century21ran.com
Date: Mon, 19 Aug 2002 08:03:28 -0700
X-Priority: 3
X-Mailer: Microsoft Outlook Express 6.00.2600.0000

sheila
08-19-2002, 12:28 PM
What is happening here is that the spammer is connecting from IP address 68.129.17.128 to the prov.com SMTP server, which is allowed under the SMTP protocol. How that can happen is explained in more detail in this thread:

http://www.aota.net/forums/showthread.php?s=&threadid=11759

Therefore, it looks like the mail server at prov.com is allowing the spam to be "relayed" to you. Indeed, if your mail server were an open relay, this is exactly what the headers would look like. The only reason the spammer is able to do this is because he is delivering DIRECTLY to your domain.

While FutureQuest does not encourage that its mail servers be reported for relay testing, and in fact we would much prefer that they are not, it is not a large concern when they are. Since the servers are, in fact, not open relays, they should pass this test. Either SMTP-AUTH or POP-before-SMTP is required to send mail outbound to a non-FutureQuest-hosted domain.
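
The header walk Sheila describes, as an added example that is not part of the original thread: each MTA prepends its own Received: stamp, so reading the stamps bottom-up gives the path the message took, and the first stamp written by one of your own servers names the outside IP that handed the mail to you. The script below parses the Received: chain, finds that entry hop, and applies Sheila's distinction: "from <outside IP> by <your MX>" on mail addressed to your own domain is plain direct delivery, while the same stamp on mail for somebody else's domain is what an open relay would produce. The sample headers are a reflowed copy of the ones quoted in the first post (continuation lines re-indented so the parser can unfold them); the function names, the Hop class and the classification labels are this example's own, not anything from FutureQuest or the forum.

```python
"""Trace a message's Received: chain and decide whether the hop into our
domain was direct delivery to our MX or a relay hand-off.

Added example for this thread, not code from the original post."""
import email
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the headers quoted in the first post, with the "by ..."
# continuation lines re-indented as RFC 822 folding so the email parser joins them.
SAMPLE_HEADERS = """\
Return-Path: <zerodown@century21ran.com>
Delivered-To: xprov-x@prov.com
Received: (qmail 8415 invoked from network); 19 Aug 2002 15:03:24 -0000
Received: from lola.futurequest.net (63.236.214.2)
  by pt01.futurequest.net (63.151.147.170) with SMTP; 19 Aug 2002 15:03:24 -0000
Received: (qmail 32721 invoked from network); 19 Aug 2002 15:03:23 -0000
Received: from prov.com (63.236.214.110)
  by lola.futurequest.net (63.236.214.2 ); 19 Aug 2002 15:03:23 -0000
Received: from unknown (HELO century21ran.com) (68.129.17.128)
  by prov.com (63.236.214.110) with ESMTP; 19 Aug 2002 15:03:23 -0000
From: "B&T" <zerodown@century21ran.com>
To: x@prov.com

"""


@dataclass
class Hop:
    from_host: str        # name in the "from" clause as the receiving MTA saw it ("unknown" = no rDNS)
    helo: Optional[str]   # name the client announced in HELO/EHLO, if the MTA recorded it
    ip: Optional[str]     # connecting address as seen by the receiving MTA
    by_host: str          # the MTA that wrote this stamp


# "from <host> (<helo/ip info>) by <host>"; stamps such as "(qmail ... invoked
# from network)" do not start with "from" and are skipped as local hand-offs.
HOP_RE = re.compile(r"^from\s+(?P<from>\S+)(?P<info>(?:\s*\([^)]*\))*)\s+by\s+(?P<by>\S+)")
HELO_RE = re.compile(r"\(HELO\s+([^\s)]+)\)", re.IGNORECASE)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_hops(raw_headers: str) -> List[Hop]:
    """Return the SMTP hops oldest first: the last Received: line in the
    message is the first hop the message took."""
    msg = email.message_from_string(raw_headers)
    hops: List[Hop] = []
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())  # unfold continuation lines
        m = HOP_RE.match(value)
        if not m:
            continue
        info = m.group("info")
        helo = HELO_RE.search(info)
        ip = IP_RE.search(info)
        hops.append(Hop(m.group("from"), helo.group(1) if helo else None,
                        ip.group(1) if ip else None, m.group("by").rstrip(";")))
    return hops


def in_domain(host: str, domain: str) -> bool:
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def entry_hop(hops: List[Hop], our_domain: str) -> Optional[Hop]:
    """Oldest stamp written by one of our MTAs for a connection from outside:
    the IP recorded there is the one to report. Anything older than this hop
    arrived inside the message and could have been forged by the sender."""
    for hop in hops:
        if in_domain(hop.by_host, our_domain) and not in_domain(hop.from_host, our_domain):
            return hop
    return None


def classify_delivery(hops: List[Hop], our_domain: str, recipient: str) -> str:
    """'direct-to-mx': outside host delivered to our MX for one of our users.
    'relayed': our MX accepted mail from outside for a foreign domain, which is
    what an open relay does. 'no-entry-hop': none of our MTAs stamped it."""
    hop = entry_hop(hops, our_domain)
    if hop is None:
        return "no-entry-hop"
    rcpt_domain = recipient.rpartition("@")[2].lower()
    return "direct-to-mx" if in_domain(rcpt_domain, our_domain) else "relayed"


if __name__ == "__main__":
    chain = parse_hops(SAMPLE_HEADERS)
    for n, hop in enumerate(chain, 1):
        print(f"hop {n}: {hop.ip or '?'} ({hop.from_host}, HELO {hop.helo}) -> {hop.by_host}")
    entry = entry_hop(chain, "prov.com")
    print("entry IP:", entry.ip if entry else None)
    print("verdict:", classify_delivery(chain, "prov.com", "x@prov.com"))
```

On the sample the entry hop is 68.129.17.128, which announced itself as century21ran.com in HELO while prov.com's MTA could not reverse-resolve it ("unknown"); because the recipient x@prov.com is local, the verdict is direct-to-mx. Changing the recipient to an address in another domain turns the very same stamp into a relay, which is why the headers alone cannot tell the two cases apart without knowing which domains the server is meant to accept mail for.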

ryount
08-19-2002, 01:33 PM
Thanks Sheila. I thought it might be something like that.