[CLUE-Admin] Re: CLUE-Tech post from admin@clue.denver.co.us
requires approval
Jed S. Baer
thag at frii.com
Tue Aug 5 09:37:14 MDT 2003
On Mon, 04 Aug 2003 18:36:03 -0600
Lynn Danielson <lynnd at techangle.com> wrote:
> Received: from localhost ([142.3.208.203])
> by clue.denver.co.us (8.9.3/8.9.3) with SMTP id QAA10218
> for <clue-talk at clue.denver.co.us>; Mon, 4 Aug 2003 16:51:16 -0600
> Date: Mon, 4 Aug 2003 16:51:16 -0600
> Message-Id: <200308042251.QAA10218 at clue.denver.co.us>
> From: admin at clue.denver.co.us
> X-Mailer: The Bat! (v1.61)
Just a note, in case anyone's interested, 142.3.208.203 is the University
of Regina, Canada.
If that's the only "Received:" header, then it would appear that someone
has direct access to their network, and is using "The Bat!" in its MTA
mode (Unless there are other "Received:" headers). The "From:" header is
simply spoofed.
Are there many of these (i.e. from that IP address or the uregina.ca
domain)?
jed
--
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-admin
mailing list