 | |
| |
| 28 Mar 2011 | #1 |
| | Received from local host 127.0.0.1 ??????? I've been plauged by trojans and worms in spoofed emails with forged headers. So, I now at least look at the email headers now, even if I do not understand all of it - I had this in the header of 2 emails today: "from localhost ([127.0.0.1] helo=sfs-ml-2.v29.ch3.sourceforge.com) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.74) (envelope-from <sleuthkit-users-bounces@lists.sourceforge.net>) id 1Q47OU-00008s-Gd; Mon, 28 Mar 2011 08:01:46 +0000" What does this mean? Is this a spoofed email header? Thanks in advance for your help! |
My System Specs | |
| 29 Mar 2011 | #2 |
| | Sleuthkit is a collection of open source forensic tools. Did you at any time download those or subscribe to their mailing lists? Old Nabble - The Sleuth Kit forum The Sleuth Kit | Download The Sleuth Kit software for free at SourceForge.net You could just block mail from that sender. |
| My System Specs |
| 29 Mar 2011 | #3 |
| | I didn't look further than the "received from" IP Yes, I did subscribe to the Sleuthkit mailings. I didn't look past the "local host" part - So, even if the "received from" portion of the header says "from local host 127.0.0.1" this by itself doesn't indicate mal/spy ware? I'd just never seen that before, and just assumed it had to be incorrect. I'm paranoid now because of all the forged emails I've had in the past with trojans in them. |
| My System Specs |
| . |
| |
| 29 Mar 2011 | #4 |
| | The "from localhost" is a common issue, has to do something with the way the mail is relayed and how the hosts file is setup and what software is used. But AFAIK, it doesnt indicate any malware. If you want to get into the details, post in the networking subforum. |
| My System Specs |
| 29 Mar 2011 | #5 |
| | 
Quote: Originally Posted by joecrash  "from localhost ([127.0.0.1] helo=sfs-ml-2.v29.ch3.sourceforge.com) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.74) (envelope-from <sleuthkit-users-bounces@lists.sourceforge.net>) id 1Q47OU-00008s-Gd; Mon, 28 Mar 2011 08:01:46 +0000" ! When it says localhost ([127.0.0.1] it is talking about the loopback address on your machine. by sfs-ml-2.v29.ch3.sourceforge.com with esmtp this is the mail server address which uses esmtp (a mail protocol) to send it. (Exim 4.74) is the mail server which sent the mail sleuthkit-users-bounces@lists.sourceforge.net is the email adress it sent from Mon, 28 Mar 2011 08:01:46 is just your date/time stamp for the email. Nothing out of the ordinary here, all this text is in every email, you just normally cant see it. |
| My System Specs |
| 29 Mar 2011 | #6 |
| | Thank you Thanks for looking at that, it lessens my paranoia a bit!  I'll have to research email headers and forging them to be able to pick the bad ones out in the future, but at least I know I'm OK for now. Thanks Again. |
| My System Specs |
| 29 Mar 2011 | #7 |
| | Glad i could be of some assistance.  |
| My System Specs |
 |
Received from local host 127.0.0.1 ??????? problems?
| Thread Tools | |
| Similar help and support threads for: Received from local host 127.0.0.1 ??????? | ||||
| Thread | Forum | |||
| Read only folder on local drive, for local user (Windows 7 pro) | Network & Sharing | |||
| See all reps given and received ? | Chillout Room | |||
| Local Host runs so slow on Windows 7 | Network & Sharing | |||
All times are GMT -5. The time now is 12:28 PM.
