[ctw] Re: ForgedHELO

  • From: Tom Shaw <tshaw@xxxxxxxx>
  • To: ctw@xxxxxxxxxxxxx
  • Date: Fri, 10 Jul 2009 19:26:40 -0400

At 1:17 AM -0300 7/10/09, IBS Ltd. wrote:
Good day Tom...

You sir just solved the issue - DoFakedUseLocalDomain was selected - the hotmail test worked this time....

You're welcome ;-)

When the test comes from hotmail - it says it is spoofed... when I reply to it - it sends it to a default address - not back to hotmail... I can not send anything to the outside world - only locally - and everything says it is spoofed - which is what I am guessing is why I can not email out....

disable smtp vrfy is not selected in eims


example:

        From:     admin@xxxxxxxxxxxx
        Subject:        test
        Date:   July 10, 2009 1:08:58 AM ADT
        To:       mytestaddress@xxxxxxxxxxx
        Return-Path:    <admin@xxxxxxxxxxxx>
        Received:       from [10.0.1.2] (xxx.xx.xxx.xxx) by mail.mydoamin.com with ESMTP (EIMS X 3.3.9) for <admin@xxxxxxxxxxxx>; Fri, 10 Jul 2009 01:08:59 -0300
        Received:       from [10.0.1.2] ([156.34.149.11] helo=[10.0.1.2]) with IPv4:587 by mail.mydomain.com; 10 Jul 2009 01:08:58 -0300
        Mime-Version:   1.0 (Apple Message framework v753.1)
        Content-Transfer-Encoding:      7bit
        Message-Id:     <4156B3F2-F66E-4500-8A9A-4E4B47B87402@xxxxxxxxxxxx>
        Content-Type:   text/plain
        X-Mailer:       Apple Mail (2.753.1)
        X-Assp-Score:   5 (Suspicious HELO - contains IP: '[10.0.1.2]')
        X-Assp-Score:   5 (IP in HELO does not match connection: '[10.0.1.2]')
        X-Assp-Score:   10 (user unknown admin@xxxxxxxxxxxx)
        X-Assp-Score:   20 (No Spoofing Allowed 'admin@xxxxxxxxxxxx')
        X-Assp-Spam-Level:      ****************
        X-Assp-Tag:     SpoofedSender
        X-Assp-Envelope-From:   admin@xxxxxxxxxxxx
        X-Assp-Version: 1.5.1.2(4.0.03)
        X-Assp-Id:      mail.ibsltd.nb.ca ()
        X-Assp-Spam:    YES
        X-Assp-Original-Subject:        test
        X-Assp-Block:   NO (alltestmode)
        X-Spam-Status:  YES
        X-Assp-Spam-Reason:     No Spoofing Allowed 'admin@xxxxxxxxxxxx'
        X-Assp-Message-Totalscore:      40

The log file...


Jul-10-09 01:06:54 156.34.149.11 <admin@xxxxxxxxxxxx> MessageScore is now 5, after adding 5
                   (Suspicious HELO - contains IP: '[10.0.1.2]')
Jul-10-09 01:06:54 156.34.149.11 <admin@xxxxxxxxxxxx> MessageScore is now 10, after adding 5 (IP in
                   HELO does not match connection: '[10.0.1.2]')
Jul-10-09 01:06:55 156.34.149.11 <admin@xxxxxxxxxxxx> to: admin@xxxxxxxxxxxx MessageScore is now 30,
                   after adding 20 (No Spoofing Allowed 'admin@xxxxxxxxxxxx')
Jul-10-09 01:06:55 [SpoofedSender][alltestmode] 156.34.149.11 <admin@xxxxxxxxxxxx> to: admin@xxxxxxxxxxxx [spam found] and passing because alltestmode, otherwise blocked (No
                   Spoofing Allowed 'admin@xxxxxxxxxxxx') ->
                   /applications/assp/discarded/6574.eml

You need to auth the mail

Tom

--
Tom Shaw - Chief Engineer, OITC
<tshaw at oitc.com>, http://www.oitc.com/ local wx: http://www.oitc.com/weather
US Phone Numbers: 321-984-3714, 321-729-6258(fax), 321-258-2475(cell/voice mail,pager)
Text Paging: http://www.oitc.com/Pager/sendmessage.html
AIM/iChat: trshaw@xxxxxxx

Fish more and Live longer
Circle The Wagons