|
|
|
|
|
|
|
|
 |
 |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] how to trace Spam back to origin
> I have received an email saying that some ually explicit Spam email > originated on our network. > I have all the headers and the IP in question is the external interface of > one of our routers in the UK. > I don't think this can be correct and I am guessing the IP was spoofed. Is > there anyway to trace all the machines back and prove this? If the header contains an IP from your network it may have been placed there as part of a deception, but it was not likely spoofed. IP spoofing just to send spam is a bit of overkill. If you can verify all of the mail servers in the header between the recipient and your address, then there is a good chance someone used a proxy or open relay in your network. If you can not verify that all of the IP addresses in the header are valid mail servers, then it is possible someone just stuck your address in the header to confuse others. Just for safety sake I would go over that router with a fine tooth comb. You may also want to make sure that noone inside the company has take up a second job as a spammer :) -don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|
||||||||||
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
