From owner-freebsd-questions@FreeBSD.ORG Thu May 19 03:52:41 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3729D16A4CE for ; Thu, 19 May 2005 03:52:41 +0000 (GMT) Received: from proxy.ddcom.co.jp (proxy.ddcom.co.jp [211.121.191.163]) by mx1.FreeBSD.org (Postfix) with SMTP id 28CBE43D31 for ; Thu, 19 May 2005 03:52:40 +0000 (GMT) (envelope-from rees@ddcom.co.jp) Received: (qmail 11066 invoked by alias); 19 May 2005 04:03:57 -0000 Received: from unknown (HELO matthew) (10.10.10.11) by mail.ddcom.local with SMTP; 19 May 2005 04:03:57 -0000 Date: Thu, 19 May 2005 12:52:39 +0900 From: Joel To: freebsd-questions@freebsd.org In-Reply-To: <8C72933FE6C89D0-B0C-45179@FWM-D38.sysops.aol.com> References: <8C72933FE6C89D0-B0C-45179@FWM-D38.sysops.aol.com> Message-Id: <20050519123818.B99A.REES@ddcom.co.jp> MIME-Version: 1.0 Content-Type: text/plain; charset="ISO-2022-JP" Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver. 2.00.06 Subject: Re: Finding out original source of e-mail X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 19 May 2005 03:52:41 -0000 > OK....this might not be the right place to aqsk this questions. > But, I'm trying to find the true souce of this e-mail.....is it > possible to do this? > > Thank you > > > http://[looks_like_address_of_message_in_online_mailbox] Not a good idea to put urls like that in public places. If the session is handled right, others can't see it. If the session is handled wrong, it could let arbitrary people get into your mail account. > The original message was received at Tue, 17 May 2005 15:29:57 -0400 (EDT) > from root@localhost > > > *** ATTENTION *** > > Your e-mail is being returned to you because there was a problem with its > delivery. The address which was undeliverable is listed in the section > labeled: "----- The following addresses had permanent fatal errors -----". I've seen a lot of these lately with attachments that purport to be either the mail being returned or some program for fixing whatever problem caused the bounce. DO NOT OPEN THOSE ATTACHMENTS!! (Except perhaps with a hex editor from the command line, if you have a hobby of analyzing malware. Better to view the source, though.) If there is an attachment, assume it's malware. The bounce is probably not a bounce from a joe job, is probably not a real bounce at all. It is probably actually a spoofed bounce, yet another way to phish. -- Joel Rees digitcom, inc. 株式会社デジコム Kobe, Japan +81-78-672-8800 ** ** Give a man a phish and he eats your lunch. Teach a man to phish and, ... no, wait. Don't do that.