Print Page | Close Window

Weird Email Caught by SpamFilter

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=1949
Printed Date: 14 March 2025 at 4:06am


Topic: Weird Email Caught by SpamFilter
Posted By: chinabee
Subject: Weird Email Caught by SpamFilter
Date Posted: 11 September 2003 at 10:10am

What I don't understand is why this email shows up in my quarantine list? SpamFilter shouldn't even receive this as this is not an allowed relay. The reason given was 'reversed DNS not found'

66.46.21.191 is my firewall.

 

Received: from 61.73.48.153 by 192.168.1.201 (LogSat Software SMTP Server) Wed, 10 Sep 2003 15:49:33 -0400
From: mailto:china9988@21cn.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - china9988@21cn.com
Subject: 66.46.21.191
To: mailto:china9988@21cn.com" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - china9988@21cn.com
Date: Fri, 25 Jul 2003 06:32:52 +0900
X-Priority: 3
X-Library: Indy 8.0.25
X-Server: LogSat Software SMTP Server

t_Smtp.LocalIP


Replies:
Posted By: Guests
Date Posted: 12 September 2003 at 12:32pm
Google's your friend :)

http://www.google.com/search?q=t_Smtp.LocalIP&btnG=Google+Search&hl=en&lr=&ie=UTF-8&oe=utf-8" CLASS="ASPForums" TITLE="WARNING: URL created by poster. - http://www.google.com/search?q=t_Smtp.LocalIP&btnG=Google+Search&hl=en&lr=&ie=UTF-8&oe=utf-8

Posted By: chinabee
Date Posted: 12 September 2003 at 6:00pm
Does this mean somebody is probing my server? There's nothing I need to worry?

Posted By: LogSat
Date Posted: 14 September 2003 at 10:36pm

What you are seing are simply email headrs, they do not mean anything. What counts is the RCPT TO command (which you'll see in the SpamFilter activity log), which indicates the actual email address the email is going to be delivered to. If' the RCPT TO is in your local domains, it will be delivered. The senders can put whatever email address they want in the "To:" email header, it does absolutely not have to match with the RCPT TO command.

Before you ask "how is this possible", think that if someone BCCs you on an email, the "To:
header will be the the original email address of the recipient, while the RCPT TO command will contain your email address, which is completely different from the TO. As you see this is a perfectly valid scenario where the two are different.

Roberto F.
LogSat Software


Print Page | Close Window