spam -- but no received: headers?
here's the whole set of headers from some spam i've got
recently--
	From lkcohlmcbgyw@canada.com Wed Nov 19 10:41:57 2003
	Return-path: <lkcohlmcbgyw@canada.com>
	Envelope-to: will@serensoft.com
	Received: from mail by boss.serensoft.com with spam-scanned (Exim 3.35 #1 (Debian))
		id 1AMVOt-00034C-00
		for <will@serensoft.com>; Wed, 19 Nov 2003 10:41:57 -0600
	Received: from localhost [127.0.0.1] by boss.serensoft.com
		with SpamAssassin (2.60 1.212-2003-09-23-exp);
		Wed, 19 Nov 2003 10:41:57 -0600
	From: "Odonnell Tommie" <lkcohlmcbgyw@canada.com>
	To: info@serensoft.com
	Subject: Re: %RND_UC_CHAR[2-8], rimsky knew where
	Date: Wed, 19 Nov 2003 03:39:43 -0100
	Message-Id: <FARCGWMJAFGVSAHNETQRJN@yahoo.ca>
	X-Spam-Flag: YES
	X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on 
		boss.serensoft.com
	X-Spam-Status: Yes, hits=18.7 required=5.0 tests=BAYES_99,BIZ_TLD,
		FORGED_AOL_HTML,FORGED_MUA_AOL_FROM,HTML_FONTCOLOR_UNKNOWN,
		HTML_FONT_INVISIBLE,HTML_IMAGE_ONLY_10,HTML_MESSAGE,HTML_TITLE_EMPTY,
		MIME_HTML_ONLY,MIME_HTML_ONLY_MULTI,MISSING_MIMEOLE,
		MISSING_OUTLOOK_NAME,X_MSMAIL_PRIORITY_HIGH,X_PRIORITY_HIGH 
		autolearn=no version=2.60
	X-Spam-Level: ******************
	MIME-Version: 1.0
	Content-Type: multipart/mixed; boundary="----------=_3FBB9D55.C18778B3"
clever subject, eh?
	Subject: Re: %RND_UC_CHAR[2-8], rimsky knew where
normally there's a lot of "received:" headers that can track
back to the original ip -- but this looks like it was sent from
localhost...  eesh!
	Received: from mail by boss.serensoft.com with spam-scanned (Exim 3.35 #1 (Debian))
		id 1AMVOt-00034C-00
		for <will@serensoft.com>; Wed, 19 Nov 2003 10:41:57 -0600
	Received: from localhost [127.0.0.1] by boss.serensoft.com
		with SpamAssassin (2.60 1.212-2003-09-23-exp);
		Wed, 19 Nov 2003 10:41:57 -0600
at least message-id implies it came thru yahoo.ca:
	Message-Id: <FARCGWMJAFGVSAHNETQRJN@yahoo.ca>
i don't think i've been hacked (my server is port-forwarded from
behind a clarkconnect.org firewall) -- but how can someone spoof
127.0.0.1 as an originating ip?
-- 
I use Debian/GNU Linux version 3.0;
Linux boss 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i586 unknown
 
DEBIAN NEWBIE TIP #19 from Dave Sherohman <esper@sherohman.org>
and Will Trillich <will@serensoft.com>:
How do you determine WHICH NETWORK SERVICES ARE OPEN (active)?
Try "netstat -a | grep LISTEN". To see numeric values (instead
of the common names for services using a particular port) then
try "netstat -na" instead. For more info, look at "man netstat".
   Also try "lsof -i" as root. "man lsof" for details.
Also see http://newbieDoc.sourceForge.net/ ...
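
The by-eye check from the post, as an added example that is not part of the original message: parse the Received: chain from the header block above (abridged), record which host stamped each hop and whether any hop carries a non-loopback peer address, and compare the From: domain with the Message-Id domain. The function names `received_hops` and `summarize` are made up for this example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Header block copied from the post above (abridged to the relevant fields).
SAMPLE = """\
Return-path: <lkcohlmcbgyw@canada.com>
Received: from mail by boss.serensoft.com with spam-scanned (Exim 3.35 #1 (Debian))
\tid 1AMVOt-00034C-00
\tfor <will@serensoft.com>; Wed, 19 Nov 2003 10:41:57 -0600
Received: from localhost [127.0.0.1] by boss.serensoft.com
\twith SpamAssassin (2.60 1.212-2003-09-23-exp);
\tWed, 19 Nov 2003 10:41:57 -0600
From: "Odonnell Tommie" <lkcohlmcbgyw@canada.com>
Message-Id: <FARCGWMJAFGVSAHNETQRJN@yahoo.ca>

"""

# "from <name> [<ip>] ... by <host>"; the bracketed address is optional.
HOP = re.compile(r"from\s+(\S+)(?:\s+[\[(]([0-9a-fA-F.:]+)[\])])?.*?\bby\s+(\S+)", re.S)

def received_hops(raw):
    """One dict per Received: header, newest (top) first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        src, ip, by = m.groups() if m else (None, None, None)
        remote = False
        if ip:
            try:
                remote = not ipaddress.ip_address(ip).is_loopback
            except ValueError:
                ip = None  # bracketed text was not an IP address
        hops.append({"from": src, "ip": ip, "by": by and by.rstrip(";"), "remote": remote})
    return hops

def summarize(raw):
    """What the header block itself records, and nothing more."""
    msg = message_from_string(raw)
    hops = received_hops(raw)
    return {
        "stamped_by": sorted({h["by"] for h in hops if h["by"]}),
        "remote_hops": [h for h in hops if h["remote"]],
        "from_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower(),
        "msgid_domain": msg.get("Message-Id", "").strip("<> \t").rpartition("@")[2].lower(),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the post's headers this reports both hops stamped by boss.serensoft.com, no hop with a non-loopback peer address, and From:/Message-Id domains of canada.com and yahoo.ca.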