I received an email in my mailbox today which has given me some concern. The email has the following header -
Received: from EXCHANGE2.local.xxxxxxxxxx.co.uk (192.168.0.72) by
EXCHANGE2.local.xxxxxxxxx.co.uk (192.168.0.72) with Microsoft SMTP Server
(TLS) id 15.0.712.22 via Mailbox Transport; Wed, 21 Aug 2013 14:42:09 +0100
Received: from EXCHANGE2.local.xxxxxxxx.co.uk (192.168.0.72) by
EXCHANGE2.local.xxxxxxxxxx.co.uk (192.168.0.72) with Microsoft SMTP Server
(TLS) id 15.0.712.22; Wed, 21 Aug 2013 14:41:33 +0100
Received: from 10ibl21ser04.datacenter.cha.cantv.net (200.11.173.10) by
EXCHANGE2.local.xxxxxxxxxx.co.uk (192.168.0.72) with Microsoft SMTP Server
id 15.0.712.22 via Frontend Transport; Wed, 21 Aug 2013 14:41:32 +0100
X-Virus-Scanned: amavisd-new at cantv.net
Received: from webmail-06.datacenter.cha.cantv.net
(webmail-06.datacenter.cha.cantv.net [200.11.153.89]) (authenticated bits=0)
by 10ibl21ser04.datacenter.cha.cantv.net (8.14.3/8.14.3/3.0) with ESMTP id
r7LDenkD016671; Wed, 21 Aug 2013 09:10:49 -0430
X-Matched-Lists: []
Received: from 81.91.229.189 ([81.91.229.189]) by
webmail-06.datacenter.cha.cantv.net (Cantv Webmail) with HTTP; Wed, 21 Aug
2013 09:10:49 -0430 (VET)
Date: Wed, 21 Aug 2013 09:10:49 -0430
From: okakaoffice <okakaoffice@cantv.net>
Reply-To: <dhl-expressdeliverycourier56788cmpny@56788.com>
To: <family@mpdeegan.wanadoo.co.u>
Message-ID: <2099142773.5215096.1377092449211.JavaMail.gess@webmail-06.datacenter.cha.cantv.net>
Subject: CONTACT MR. HARRY MORRIS FOR YOUR ATM CARD OF 2.5USD
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Cantv Webmail
X-Originating-IP: [81.91.229.189]
Return-Path: okakaoffice@cantv.net
X-MS-Exchange-Organization-PRD: cantv.net
X-MS-Exchange-Organization-SenderIdResult: Pass
Received-SPF: Pass (EXCHANGE2.local.xxxxxxxxxxx.co.uk: domain of
okakaoffice@cantv.net designates 200.11.173.10 as permitted sender)
receiver=EXCHANGE2.local.xxxxxxxxx.co.uk; client-ip=200.11.173.10;
helo=10ibl21ser04.datacenter.cha.cantv.net;
X-MS-Exchange-Organization-Network-Message-Id: 095595f4-456c-4202-8988-08d06c8b48c8
X-MS-Exchange-Organization-SCL: 6
X-MS-Exchange-Organization-PCL: 2
X-MS-Exchange-Organization-Antispam-Report: DV:3.3.5705.600;SID:SenderIDStatus Pass;OrigIP:200.11.173.10
X-MS-Exchange-Organization-AVStamp-Enterprise: 1.0
X-MS-Exchange-Organization-AuthSource: EXCHANGE2.local.xxxxxxxxxxx.co.uk
X-MS-Exchange-Organization-AuthAs: Anonymous
The message tracking log does indicate that my mailbox was the one the message was targeted at. However, how does the header say otherwise?
EventId  Source   Sender                Recipients        MessageSubject
-------  ------   ------                ----------        --------------
HARED... SMTP     okakaoffice@cantv.net {me@xxxxxxxxxx... CONTACT MR. HARRY MORRIS FOR Y...
RECEIVE  SMTP     okakaoffice@cantv.net {me@xxxxxxxxxx... CONTACT MR. HARRY MORRIS FOR Y...
AGENT... AGENT    okakaoffice@cantv.net {me@xxxxxxxxxx... CONTACT MR. HARRY MORRIS FOR Y...
SEND     SMTP     okakaoffice@cantv.net {me@xxxxxxxxxx... CONTACT MR. HARRY MORRIS FOR Y...
DELIVER  STORE... okakaoffice@cantv.net {me@xxxxxxxxx...  CONTACT MR. HARRY MORRIS FOR Y...
Exchange has been configured to reject email if the receiving mailbox does not exist. In this instance me@xxxxxxxxxx does exist, but how come the header indicates otherwise? family@mpdeegan.wanadoo.co.u does not exist on my server!
Further concerned because the SPF got a pass. How did the spammer do this and have I got something to worry about?
Many thanks in anticipation of your replies.
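
A defensive triage sketch for a header like the one above, added here as an example and not part of the original post. It reads the Received chain from origin to destination and compares the To: header with the recipient from the message tracking log, since SMTP delivers to the envelope recipient (RCPT TO) and not to whatever the To: header says. The function and finding names are hypothetical, and me@example.invalid is a placeholder for the redacted mailbox.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged copy of the header quoted in the post; folded lines re-indented.
RAW = """\
Received: from 10ibl21ser04.datacenter.cha.cantv.net (200.11.173.10) by
 EXCHANGE2.local.xxxxxxxxxx.co.uk (192.168.0.72) with Microsoft SMTP Server
 id 15.0.712.22 via Frontend Transport; Wed, 21 Aug 2013 14:41:32 +0100
Received: from 81.91.229.189 ([81.91.229.189]) by
 webmail-06.datacenter.cha.cantv.net (Cantv Webmail) with HTTP; Wed, 21 Aug
 2013 09:10:49 -0430 (VET)
From: okakaoffice <okakaoffice@cantv.net>
Reply-To: <dhl-expressdeliverycourier56788cmpny@56788.com>
To: <family@mpdeegan.wanadoo.co.u>
Return-Path: okakaoffice@cantv.net
Received-SPF: Pass (EXCHANGE2.local.xxxxxxxxxxx.co.uk: domain of
 okakaoffice@cantv.net designates 200.11.173.10 as permitted sender)
 receiver=EXCHANGE2.local.xxxxxxxxx.co.uk; client-ip=200.11.173.10;

"""
HOP = re.compile(r"from (\S+).*? by (\S+)")

def _addr(value):
    return parseaddr(value or "")[1].lower()

def triage(raw, envelope_rcpt):
    """envelope_rcpt: the recipient shown in the message tracking log."""
    msg = message_from_string(raw)
    recv = [" ".join(v.split()) for v in msg.get_all("Received", [])]
    # Each relay prepends its Received line, so reverse for origin -> destination.
    hops = [m.groups() for v in reversed(recv) if (m := HOP.match(v))]
    from_dom = _addr(msg["From"]).rpartition("@")[2]
    findings = []
    if _addr(msg["To"]) != envelope_rcpt.lower():
        findings.append("to-header-is-not-envelope-recipient")
    reply_dom = _addr(msg["Reply-To"]).rpartition("@")[2]
    if reply_dom and reply_dom != from_dom:
        findings.append("reply-to-domain-differs-from-from")
    if recv and " with HTTP" in recv[-1]:
        findings.append("submitted-through-webmail")
    # An SPF pass only says the connecting IP may send for the envelope sender's domain.
    if (msg["Received-SPF"] or "").strip().lower().startswith("pass"):
        findings.append("spf-pass-for:" + _addr(msg["Return-Path"]).rpartition("@")[2])
    return {"hops": hops, "findings": findings}

if __name__ == "__main__":
    print(triage(RAW, "me@example.invalid"))  # placeholder mailbox (assumption)
```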