[CLUE-Tech] Email Delivery Question

Randy Arabie rrarabie at arabie.org
Tue Oct 1 08:45:37 MDT 2002 

Hi,

I got some spam today, and am curious on how it was routed to me.  Here are 
message headers:


>From birdy at arabie.org Tue Oct  1 08:09:39 2002
Return-Path: <aBEk3q at saturn.seed.net.tw>
Received: from USER (h134-210-66-221.seed.net.tw [210.66.221.134] (may be
    forged))
	by voldemort.arabie.org (8.11.6/8.11.6) with SMTP id g91CMl830470
	for <randy at arabie.org>; Tue, 1 Oct 2002 06:22:48 -0600
Date: Tue, 1 Oct 2002 06:22:48 -0600
Received: from venus
	by tpts7.seed.net.tw with SMTP id CiHNO0W4QSTeG1SgV5UUP0rl;
	Tue, 01 Oct 2002 18:00:56 +0800
Message-ID: <VAnO at pchome.com.tw>
From: birdy at arabie.org
To: 300902-6.txt at voldemort.arabie.org, 300902-2.txt at voldemort.arabie.org,
   300902-3.txt at voldemort.arabie.org, 300902-4.txt at voldemort.arabie.org,
   300902-5.txt at voldemort.arabie.org, 1.txt at voldemort.arabie.org
Subject: =?big5?Q?=C0=B0=B9L=B3\=A6h=A4H=A4]=B3\=A7A=A4]=BB=DD=ADn?=
MIME-Version: 1.0
Content-Type: multipart/related;
	type="multipart/alternative";
	boundary="----=_NextPart_IYi7xVbE0XvTGKpPCqCT5brFxsv5"
X-Mailer: Vd8wCs1qKl2bFmmLT
X-Priority: 3
X-MSMail-Priority: Normal
X-SpamBouncer: 1.4 (10/07/01)
X-SBRule: Small Fry
X-SBRule: Spam Mailer/Dmailer
X-SBRule: Chinese Big 5
X-SBClass: Spam


The 'From:' header was forged, I don't have any 'birdy' users on my system.
That I understand, it is easy to do.

What really puzzles me is the 'To:' headers.  The messages were addressed to 
invalid recipients like 300902-6.txt at voldmort.arabie.org. voldemort.arabie.org
is the fully qualified name of my email server.  But, that server is on my LAN,
and voldemort.arabie.org does not resolve....or shouldn't!  I only have one 
public IP, and DNS Lookups should only work for www.arabie.org, mail.arabie.org.
I port forward all mail traffic to voldemort.

The only think I can think is that someone has a DNS server with voldemort in 
its cache resolving it to my public IP.  Is that possible?

I know the headers contain the name of my mail server, but all my email goes 
out as [user]@arabie.org.  I tried to send myself email addressed using the 
[user]@voldemort.arabie.org, and it gets bounced....'Host Unkown'.  Tried from
my work email and from Yahoo.

Can anyone out there educate me on this, I'd like to learn more.
-- 
Allons Rouler!
        
Randy
http://www.arabie.org/
Stats:    8:05am up 64 days, 10:05, 1 user, load average: 1.01, 1.03, 1.00

More information about the clue-tech mailing list