OT: Question related to From: field in x-headers vs who the message actually came from.

Duncan, Brian M. brian.duncan at kattenlaw.com
Fri Sep 4 15:06:11 IST 2009 

First, our sendmail servers are either incoming or outgoing for my
company. The incoming sendmail servers REJECT any messages coming in
from any of our domains.  To help keep spoofed messages out of our
environment, we reject around 35,000 spoofed messages combined per day
at the edge.
 
So I have started to see what I show in the headers below occasionally
now.  Can someone explain to me what is happening that knows?  And does
anyone know how to remove this possibility from occurring? I can't
replicate the behavior below with a mail client externally, so I am
guessing it has to be specifically manipulated in a non RFC compliant
manner.
 
I don't understand how Mailscanner has the proper From: listed in the
x-header that this message came from, but there is an x-header with the
wrong From: that outlook then displays on a users client when they open
the message. (And any local Outlook rules act upon)  If I check the
sendmail logs on the message below, it shows the message coming from
whereforeji09 at maycruz.com. 

 
Thanks for any help!
 
Brian
 
Received: from host-92-11-178-251.as43234.net
(host-92-11-178-251.as43234.net [92.11.178.251] (may be forged))
 by callisto.kattenlaw.com (8.13.8/8.13.4) with ESMTP id n84BFvwA012297;
 Fri, 4 Sep 2009 07:16:01 -0400
Received: from 92.11.178.251 by 72.47.228.70; Fri, 4 Sep 2009 12:14:59
+0000
Message-ID: <000d01ca2d50$f124e100$6400a8c0 at whereforeji09>
From: Juliana Rollins <caren.rabinowitz at kattenlaw.com>
To: <caren.rabinowitz at kattenlaw.com>
Subject: Lose 12lbs in 1 month :.
Date: Fri, 4 Sep 2009 12:14:59 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="----=_NextPart_000_0007_01CA2D50.F124E100"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1506
X-MimeOLE: Produced By Microsoft MimeOLE 6.00.2800.1506
X-Kattenlaw-MailScanner-Information: 
X-MailScanner-SpamCheck: spam, spamcop.net, zen.spamhaus.org, cbl,
MAPS-ALL
X-MailScanner-From: whereforeji09 at maycruz.com
X-MailScanner-SPAM: yes
Return-Path: whereforeji09 at maycruz.com
X-OriginalArrivalTime: 04 Sep 2009 11:16:13.0588 (UTC)
FILETIME=[1D03F540:01CA2D51
 
 
 
 
 





===========================================================
CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue Service, any tax advice contained herein is not intended or written to be used and cannot be used by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer.
===========================================================
CONFIDENTIALITY NOTICE:
This electronic mail message and any attached files contain information intended for the exclusive use of the individual or entity to whom it is addressed and may contain information that is proprietary, privileged, confidential and/or exempt from disclosure under applicable law.  If you are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or distribution of this information may be subject to legal restriction or sanction.  Please notify the sender, by electronic mail or telephone, of any unintended recipients and delete the original message without making any copies.
===========================================================
NOTIFICATION:  Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has elected to be governed by the Illinois Uniform Partnership Act (1997).
===========================================================
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.mailscanner.info/pipermail/mailscanner/attachments/20090904/14e613f5/attachment.html

More information about the MailScanner mailing list