[Mimedefang] Negative addresses??
kelson at speed.net
Fri Dec 2 20:17:22 EST 2005
Ashley M. Kirchner wrote:
> Can someone explain this to me? It's from a spam message (in fact, a
> lot of them are coming through MD+SA these days) and they all show the
> same thing, negative numbers:
> Received: from -1216216520 ([22.214.171.124])
> by serpico.pcraft.com (8.13.0/8.13.0) with SMTP id jB30Mott008917
> for <ashley.kirchner at highpeaks.org>; Fri, 2 Dec 2005 17:22:54 -0700
Here it looks like the negative number is actually the HELO string,
which can be set to pretty much anything.
> Received: from goprat.com (-1216301840 [-1213314064])
> by ghfixtures.com (Qmailv1) with ESMTP id 8568A5A816
> for <ashley.kirchner at highpeaks.org>; Fri, 02 Dec 2005 17:22:58 -0800
Assuming serpico.pcraft.com is your server, this line is probably
forged, so again anything could go into the spots.
If I were to guess, someone has spamwarethat's generating random numbers
for fake IP addresses, but has an error in formatting, so they're
getting displayed as negative integers instead of dotted quads.
SpeedGate Communications <www.speed.net>
More information about the MIMEDefang