I came accross this in my mail server logs recently: >> 09/12/1998 12:11:37 AM () Topic trimming end 09/12/1998 12:13:31 AM (SMTP Server) Connected to sf-dnpqh-156.compuserve.net [209.154.99.156] 09/12/1998 12:13:31 AM (SMTP Server) Got HELO as Default 09/12/1998 12:13:33 AM (SMTP Server) Got MAIL FROM <noy82@msn.com> 09/12/1998 12:13:34 AM (SMTP Server) Got TO RCPT <bigscore99@aol.com> 09/12/1998 12:13:34 AM (SMTP Server) Delivery rejected - will not route for this client's IP address. 09/12/1998 12:13:34 AM (SMTP Server) Got QUIT 09/12/1998 12:13:39 AM (SMTP Server) Connection closed <<
Notice that the "Connected To" system has a different name than the "HELO" msg would indicate. Does this log indicate an attempt by "noy82@msn.com" to use Mail server "sf-dnpqh-156.compuserve.net" to foward spam to "bigscore99@aol.com" through my system, and my system rejected it? Why would a user on msn.com use a computerserve.net address....My guess is that this is really a spam FROM bigscore99.aol.com to others with a bogus header, but I am not sure I am reading this correctly. I have seen so many spam msgs that contain the same name on sender and receiver.
I often see messages like the following which indicate the mail server is the same as the connecting host :
>> 09/12/1998 06:45:35 AM (SMTP Server) Connected to hardly.hotwired.com [204.62.131.45] 09/12/1998 06:45:36 AM (SMTP Server) Got HELO as hardly.hotwired.com 09/12/1998 06:45:36 AM (SMTP Server) Got MAIL FROM <wiredmail-info@wired.com> 09/12/1998 06:45:44 AM (SMTP Server) Got TO RCPT <doleary@kz.eaze.net> 09/12/1998 06:45:52 AM (SMTP Server) Good recipient 09/12/1998 06:45:53 AM (SMTP Server) Got DATA 09/12/1998 06:45:57 AM (SMTP Server) Successfully received message 09/12/1998 06:46:03 AM (Eaze.Net) Read msg from Webmonkey <wiredmail-info@wired.com> 09/12/1998 06:46:05 AM (SMTP Server) Got QUIT 09/12/1998 06:46:08 AM (SMTP Server) Connection closed <<
Then I see some like the following which appear to indicate the mail server is NOT the same as the connecting host :
>> 09/12/1998 12:21:27 AM (SMTP Server) Connected to h-205-217-237-89.netscape.com [205.217.237.89] 09/12/1998 12:21:28 AM (SMTP Server) Got HELO as locutus.mcom.com 09/12/1998 12:21:28 AM (SMTP Server) Got MAIL FROM <business-solution-news@netscape.com> 09/12/1998 12:21:29 AM (SMTP Server) Got TO RCPT <doleary@kz.eaze.net> 09/12/1998 12:21:31 AM (SMTP Server) Good recipient 09/12/1998 12:21:31 AM (SMTP Server) Got DATA 09/12/1998 12:21:38 AM (SMTP Server) Successfully received message 09/12/1998 12:21:39 AM (SMTP Server) Got QUIT 09/12/1998 12:21:40 AM (Eaze.Net) Read msg from business-solution-news@netscape.com 09/12/1998 12:21:40 AM (SMTP Server) Connection closed <<
--- Daniel O'Leary, Sysop KloneZone Mac - A TeleFinder 5.7 Mac/Windows BBS
