Delivered to: and To: email fields

[rutekp]

Hello,

Some spammers send email using my server. In header of message I have
different address then this message is delivered for. Massage from spammer:
[email protected] is in header message adressed for
[email protected]:, but it was delivered to:
[email protected]. Why is this happend? What patch for qmail should I use?


Header message:
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: (qmail 17089 invoked from network); 3 Aug 2006 15:03:29 +0200
Received: from pool-151-197-185-210.phil.east.verizon.net (HELO
ROBOT.rc0t.com) (151.197.185.210)
by srv1.domain.pl with SMTP; 3 Aug 2006 15:03:29 +0200
Message-ID: <01270571849750.3C33806A70@QJZAPCKK>
From: "Zachariah" <[email protected]>
To: <[email protected]>
Subject: Enjoy secure ordering, lowest possible prices and almost instant
shipment. Be delighted with
Date: Thu, 3 Aug 2006 09:03:12 -0400
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: zVXxufFpIzexEoPKGe0radPPLGCGZ4haLdjX
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit


Logs from qmail:
Aug 3 15:03:30 srv1 qmail: 1154610210.048418 delivery 25672: success:
did_1+0
+2/did_0+0+1/
Aug 3 15:03:30 srv1 spamd[15560]: result: . 0 - FORGED_RCVD_HELO
scantime=0.
5,size=1543,mid=<01270571849750.3C33806A70@QJZAPCKK>,autolearn=ham
Aug 3 15:03:30 srv1 spamd[15560]: clean message (0.1/7.0) for
najem@domain-sa.
com.pl:110 in 0.5 seconds, 1543 bytes.
Aug 3 15:03:29 srv1 qmail: 1154610209.982397 status: local 1/10 remote 0/20
Aug 3 15:03:29 srv1 qmail: 1154610209.982362 delivery 25671: success:
did_1+0
+2/did_0+0+1/
Aug 3 15:03:29 srv1 spamd[16842]: result: . 0 - FORGED_RCVD_HELO
scantime=0.
4,size=1543,mid=<01270571849750.3C33806A70@QJZAPCKK>,autolearn=ham
Aug 3 15:03:29 srv1 spamd[16842]: clean message (0.1/7.0) for
wjaworski@domain
-sa.com.pl:110 in 0.4 seconds, 1543 bytes.
Aug 3 15:03:29 srv1 spamd[15560]: processing message
<01270571849750.3C33806A
70@QJZAPCKK> for [email protected]:110.
Aug 3 15:03:29 srv1 spamd[16842]: processing message
<01270571849750.3C33806A
70@QJZAPCKK> for [email protected]:110.
Aug 3 15:03:29 srv1 spamd[15560]: Using default config for
[email protected]
.pl: /var/qmail/mailnames/domain-sa.com.pl/najem/.spamassassin/user_prefs
Aug 3 15:03:29 srv1 spamd[15560]: got connection over /tmp/spamd_full.sock
Aug 3 15:03:29 srv1 spamd[16842]: Using default config for
wjaworski@domain-sa
.com.pl:
/var/qmail/mailnames/domain-sa.com.pl/wjaworski/.spamassassin/user_pre
fs
Aug 3 15:03:29 srv1 spamd[16842]: got connection over /tmp/spamd_full.sock
Aug 3 15:03:29 srv1 qmail: 1154610209.444360 status: local 2/10 remote 0/20
Aug 3 15:03:29 srv1 qmail: 1154610209.444353 starting delivery 25672: msg
627
19 to local [email protected]
Aug 3 15:03:29 srv1 qmail: 1154610209.444342 status: local 1/10 remote 0/20
Aug 3 15:03:29 srv1 qmail: 1154610209.444323 starting delivery 25671: msg
627
19 to local [email protected]
Aug 3 15:03:29 srv1 qmail: 1154610209.400734 info msg 62719: bytes 1543
from
<[email protected]> qp 17089 uid 2020
Aug 3 15:03:29 srv1 qmail: 1154610209.400709 new msg 62719
Aug 3 15:03:29 srv1 qmail-queue: dwlib[17083]: scan: the
message(drweb.tmp.Er
rGKo) sent by [email protected] to rcpts should be passed
withou
t checks, because contains uncheckable addresses
Aug 3 15:03:29 srv1 qmail-queue: dwlib[17083]: mail: all addreses are
uncheck
able - need to skip scanning (by deny mode)