On Wed, 4 Apr 2001, Jonathan Terbio wrote:
Hi guys,
One of our user receives mail from unknown user from which it used our domain name. I've check its ip address from 206.142.244.24. using the kmail viel all headers. I've check in our server (mail server and internet server) no user exist. Even the nslookup doesn't know the DNS.
Can you help me guys how to check the source of this mail?
It might be that the user is not actually pretending to be from your server. I have experienced several servers that, when seeing a Sender: field in the headers without a domain, simply adds the server's own domain to the name in the field. So something like: Sender: ole becomes Sender: ole@somedomain.com And the owner of somedomain.com would instantly suspect that either a cracker had created an account on his machine, or someone on the net was trying to masquerade as coming from somedomain.com. Regards Ole