Noticed that the External Relays includes what looks to be an erroneous
entry..
Notice the last entry.. looking at the email headers, the only
conclusion that I can make is that somehow X-Originating-IP gets treated
as an external relay, and I don't think that should be..
Of course many headers can be forged, but notice in this case that
header was injected by the second external relay.. there were no relays
before the relay involved in accepting the email.
Comments? (Let me know if I am not clear, I can always include raw
headers if needed, but I think my point is obvious)
Should that have created a record in the External Relay array?
[ ip=169.239.218.195 rdns=se-filter03-195.tld-mx.com
helo=se-filter03-195.tld-mx.com by=REDACCTED ident= envfrom= intl=0 id=
auth= msa=0 ]
[ ip=169.239.218.51 rdns=cp51.domains.co.za helo=cp51.domains.co.za
by=se-filter03.tld-mx.com ident= envfrom=rev...@cde.co.za intl=0
id=1rOAd4-007W0q-6X auth= msa=0 ]
[ ip=216.73.163.102 rdns= helo=WIN-9UDRVPAB9FG by=cp51.domains.co.za
ident= envfrom=rev...@cde.co.za intl=0 id=1rO6N0-0002Xr-0i auth=esmtpsa
msa=0 ]
[ ip=169.239.218.51 rdns= helo= by= ident= envfrom= intl=0 id= auth=
msa=0 ] (from X-Originating-IP)
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Reg. TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
