Missing Headers
Question asked by Jay Dubb - 9/13/2023 at 6:32 AM
Here's one we haven't seen before.  Headers in a spam message (the recipient was a BCC):

Received: from [] (port=65243) by sv01.gofox.pt with esmtpa (Exim 4.96) (envelope-from <stthomashospitaluk66@gmail.com>) id 1qgFf7-0004By-2G; Wed, 13 Sep 2023 03:31:28 +0100
From: "St. Thomas' Hospital" <stthomashospitaluk66@gmail.com>
To: Recipients <stthomashospitaluk66@gmail.com>
Subject: Job Vacancy
Date: Tue, 12 Sep 2023 19:31:21 -0700

But we have blocked in the firewall.  We wondered how it got passed the firewall block rule, until we looked at the server's SMTP log for the transaction and found:

[2023.09.12] 22:31:29.373 [][24418393] cmd: EHLO sv01.gofox.pt
[2023.09.12] 22:31:30.014 [][24418393] cmd: MAIL FROM:<stthomashospitaluk66@gmail.com> SIZE=5853
So now we're curious how the sending server at was able deliver a message but the headers show as the last MX to have touched the message.  If Smartermail received it from, why was that shown in the SMTP log but NOT added to the message headers?

1 Reply

Reply to Thread
Kyle Kerst Replied
Employee Post
Hey Jay! To give you a solid answer on how this was possible we'd need to look at the whole session in the SMTP/Delivery and Spam Checks logging unfortunately. But, it looks like someone at Gmail passed you a spoofed EML, which is a rising complaint on the Gmail/Google email server network. These types of attempts are particularly crafty so they can take some investigation to find a pattern. Can you guys submit a ticket on this one please?
Kyle Kerst System/Network Administrator SmarterTools Inc. (877) 357-6278 www.smartertools.com

Reply to Thread