RE: Internet Mail Header Investigation
Ok...this is starting to hack me off. It's not my e-mail client or the web page. The list bot will not let me paste the mail header in this e-mail...I have tried 4x now and keep getting rejection notices from internet.com. Being a male computer geek, you'd think I'd be used to rejection by now...darn list bot must be female. ;0P

Any help would be appreciated.

JB

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 8:56 AM
To: Exchange Discussions
Subject: Internet Mail Header Investigation

Folks,

I have a slight SPAM problem I would like some help with if possible, so put on your thinking caps. I have read several RFC's and Technet articles about how things are supposed to work, but none of them seem to cover interpreting the sequence of events. Also, several things just don't make sense to me. I've only been an MS Exchange Admin for about 1-1/2 years, so I still have a lot to learn. This message is a little long, but you folks are always clamoring for details, so I thought I would be as detailed as I could.

The header for the e-mail in question is going to come in the next post (having problems posting).

Three copies of this e-mail were sent directly to my postmaster mailbox from an account in Japan (+0900 GMT puts it in this timezone). This didn't concern me that much, because RFC822 states that all mail orgs are supposed to have a postmaster account that people can send complaints to, so it would be easy to guess. If one person in our mail org got themselves on a list they shouldn't, then they just had to add the postmaster account to the front of the domain name. However, when I started taking a closer look, that's when I began to get worried.

Let me explain our configuration here:

1. The ISP has an MX record that says our mail server is located at ourcompany.com or IMS.ourcompany.com
2. Our MX record states that ourcompany.com is equal to internal addresses of ourcompany.gov or IMS.ourcompany.gov.
3. Internet mail comes in through a boundary router, through the firewall to the Mail Relayer (named mr.ourcompany.com in the header below).
4. MR is a Linux 7.0 workstation, running Qmail 1.03 and QmailScanner 0.94.
5. MR checks to make sure that mail is being sent to a legitimate domain extension. If legit, sends it on to the IMS. If not, drops it in a holdmail queue. It also blocks mail based on attachment or subject type.
6. Once to the IMS, delivered to client. Client mail goes from client to IMS, IMS to Proxy Server and out through the boundary router.
7. Mail servers are Win2k, SP2 servers running Ex5.5, SP4+3 (MTA, IS and Q282533).

Here are my concerns:

1. In the 5th and 6th Received: lines down, it looks like the IMS was the first machine to process this mail. The original IP address next to the name was actually the external interface to the Proxy Server. This would suggest to me, that it actually took the reverse route in through the Proxy/IMS, instead of through the Firewall/MR. How is this possible?
2. In the first From: field of the header, it shows as coming from [EMAIL PROTECTED]. However, in the second From: field of the header, it shows as coming from [EMAIL PROTECTED]. Is this guy spamming thousands of people and making it look like it came from me?
3. In the original header, the IMS.ourcompany.com contained the actual internal server name of our IMS. How does someone in Japan find out the internal name of one of our servers, without a security leak on our end?

I appreciate any help you folks can give me...please don't flame me too bad. I have to be recognizable to my wife and kids when I get home, or they won't let me in the door to eat dinner...and I'm starved! ;O)

Thanks in advance,

James H (Jim) Blunt
Network / Exchange Admin
Network Infrastructure Group
Bechtel Hanford, Inc.

List posting FAQ: http://www.swinc.com/resource/exch_faq.htm
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin: [EMAIL PROTECTED]
RE: Internet Mail Header Investigation
Friggin Lyris won't let you send it because the first thing it sees in your email is the mail commands and it won't accept those. Begin your message with Friggin Lyris to your message and it should get through...

Backup not found: (A)bort (R)etry (P)anic

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 9:01 AM
To: Exchange Discussions
Subject: RE: Internet Mail Header Investigation

Ok...this is starting to hack me off. It's not my e-mail client or the web page. The list bot will not let me paste the mail header in this e-mail...I have tried 4x now and keep getting rejection notices from internet.com. Being a male computer geek, you'd think I'd be used to rejection by now...darn list bot must be female. ;0P

Any help would be appreciated.

JB
RE: Internet Mail Header Investigation
Don...

Tried that. Didn't work. Originally, the header was going to be at the bottom of my original post, but it didn't like that either. Tried removing all the blank lines in the header, thinking maybe there was something there that the listbot was interpreting as an attachment...still didn't like it.

I am getting frustrated. I would like to be able to get some help with this SPAM problem, but I realize there is probably not a lot you can do until you see the header.

I'll keep trying...

Jim

-Original Message-
From: Don Ely [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 9:00 AM
To: Exchange Discussions
Subject: RE: Internet Mail Header Investigation

Friggin Lyris won't let you send it because the first thing is sees in your email is the mail commands and it won't accept those. Begin your message with Friggin Lyris to your message and it should get through...

Backup not found: (A)bort (R)etry (P)anic
RE: Internet Mail Header Investigation
Ok...let's try sending this in pieces...

Received: from mr.ourcompany.com ([xxx.xxx.xxx.xxx]) by IMS.ourcompany.gov with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id XVZ0J31D; Wed, 28 Nov 2001 18:03:42 -0800
Received: (qmail 4027 invoked by uid 104); 29 Nov 2001 00:34:16 -
Received: from by mr-new.ourcompany.com with qmail-scanner-0.94 (. Clean. Processed in 9.100323 secs); 28/11/2001 16:34:07
Received: from unknown (HELO nis.lapha.com) (211.52.19.18) by mr.ourcompany.com with SMTP; 29 Nov 2001 00:34:06 -
Received: from IMS.ourcompany.gov ([xxx.xxx.xxx.xxx]) by nis.lapha.com (Lotus Domino Release 5.0.6a) with ESMTP id 2001112822195643:24 ; Wed, 28 Nov 2001 22:19:56 +0900
Received: by IMS.ourcompany.gov with Internet Mail Service (5.5.2653.19) id XVZ0JKH3; Wed, 28 Nov 2001 05:21:14 -0800
Message-ID: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: System Administrator [EMAIL PROTECTED]
Subject: =?euc-kr?B?uei03iC9x8bQOiBVc2VyIGZlbGxvd19hbWVyaWNhbiVwcmlkZV9vZg==?= =?us-ascii?Q?=5Famerica?= ([EMAIL PROTECTED]) not listed in public Name Address Book
Date: Wed, 28 Nov 2001 05:21:13 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-MS-Embedded-Report:
X-MIMETrack: Itemize by SMTP Server on nis/Lapha(Release 5.0.6a |January 17, 2001) at 2001-11-28 10:19:58 PM, Serialize by Router on nis/Lapha(Release 5.0.6a |January 17, 2001) at 2001-11-29 11:02:11 AM, Serialize complete at 2001-11-29 11:02:11 AM
Content-Type: multipart/report; report-type=delivery-status; boundary===IFJRGLKFGIR46408UHRUHIHD
RE: Internet Mail Header Investigation
Part 3...

Message-ID: [EMAIL PROTECTED]
From: fellow_american@pride_of_america
To:
Subject: FREE American Flag Pin - No purchase necessary 15615
Date: Tue, 27 Nov 2001 23:33:37 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-MS-Embedded-Report:
Content-Type: text/plain; charset=iso-8859-1

--_=_NextPart_000_01C1780F.8D84D950--
--==IFJRGLKFGIR46408UHRUHIHD--

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 10:12 AM
To: Exchange Discussions
Subject: FW: Internet Mail Header Investigation

Part 2...

Received: from IMS.ourcompany.gov ([xxx.xxx.xxx.xxx]) by nis.lapha.com (Lotus Domino Release 5.0.6a) with ESMTP id 2001112822195643:24 ; Wed, 28 Nov 2001 22:19:56 +0900
Received: by IMS.ourcompany.gov with Internet Mail Service (5.5.2653.19) id XVZ0JKH3; Wed, 28 Nov 2001 05:21:14 -0800
Message-ID: [EMAIL PROTECTED]
From: System Administrator [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Undeliverable: FREE American Flag Pin - No purchase necessary 15615
Date: Wed, 28 Nov 2001 05:21:13 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-MS-Embedded-Report:
X-MIMETrack: Itemize by SMTP Server on nis/Lapha(Release 5.0.6a |January 17, 2001) at 2001-11-28 10:19:58 PM, Serialize by Router on nis/Lapha(Release 5.0.6a |January 17, 2001) at 2001-11-29 11:02:11 AM, Serialize complete at 2001-11-29 11:02:11 AM

This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible.
RE: Internet Mail Header Investigation
There you have it...that's the header file. You actually want to start reading the header file from the bottom of this post up...

TIA for the help.

JB

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 10:14 AM
To: Exchange Discussions
Subject: RE: Internet Mail Header Investigation

Part 3...

Message-ID: [EMAIL PROTECTED]
From: fellow_american@pride_of_america
To:
Subject: FREE American Flag Pin - No purchase necessary 15615
Date: Tue, 27 Nov 2001 23:33:37 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-MS-Embedded-Report:
Content-Type: text/plain; charset=iso-8859-1

--_=_NextPart_000_01C1780F.8D84D950--
--==IFJRGLKFGIR46408UHRUHIHD--

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 10:12 AM
To: Exchange Discussions
Subject: FW: Internet Mail Header Investigation

Part 2...

Received: from IMS.ourcompany.gov ([xxx.xxx.xxx.xxx]) by nis.lapha.com (Lotus Domino Release 5.0.6a) with ESMTP id 2001112822195643:24 ; Wed, 28 Nov 2001 22:19:56 +0900
Received: by IMS.ourcompany.gov with Internet Mail Service (5.5.2653.19) id XVZ0JKH3; Wed, 28 Nov 2001 05:21:14 -0800
Message-ID: [EMAIL PROTECTED]
From: System Administrator [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Undeliverable: FREE American Flag Pin - No purchase necessary 15615
Date: Wed, 28 Nov 2001 05:21:13 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-MS-Embedded-Report:
X-MIMETrack: Itemize by SMTP Server on nis/Lapha(Release 5.0.6a |January 17, 2001) at 2001-11-28 10:19:58 PM, Serialize by Router on nis/Lapha(Release 5.0.6a |January 17, 2001) at 2001-11-29 11:02:11 AM, Serialize complete at 2001-11-29 11:02:11 AM

This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible.

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 10:05 AM
To: Exchange Discussions
Subject: RE: Internet Mail Header Investigation

Ok...let's try sending this in pieces...

Received: from mr.ourcompany.com ([xxx.xxx.xxx.xxx]) by IMS.ourcompany.gov with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id XVZ0J31D; Wed, 28 Nov 2001 18:03:42 -0800
Received: (qmail 4027 invoked by uid 104); 29 Nov 2001 00:34:16 -
Received: from by mr-new.ourcompany.com with qmail-scanner-0.94 (. Clean. Processed in 9.100323 secs); 28/11/2001 16:34:07
Received: from unknown (HELO nis.lapha.com) (211.52.19.18) by mr.ourcompany.com with SMTP; 29 Nov 2001 00:34:06 -
Received: from IMS.ourcompany.gov ([xxx.xxx.xxx.xxx]) by nis.lapha.com (Lotus Domino Release 5.0.6a) with ESMTP id 2001112822195643:24 ; Wed, 28 Nov 2001 22:19:56 +0900
Received: by IMS.ourcompany.gov with Internet Mail Service (5.5.2653.19) id XVZ0JKH3; Wed, 28 Nov 2001 05:21:14 -0800
Message-ID: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
To: System Administrator [EMAIL PROTECTED]
Subject: =?euc-kr?B?uei03iC9x8bQOiBVc2VyIGZlbGxvd19hbWVyaWNhbiVwcmlkZV9vZg==?= =?us-ascii?Q?=5Famerica?= ([EMAIL PROTECTED]) not listed in public Name Address Book
Date: Wed, 28 Nov 2001 05:21:13 -0800
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
X-MS-Embedded-Report:
X-MIMETrack: Itemize by SMTP Server on nis/Lapha(Release 5.0.6a |January 17, 2001) at 2001-11-28 10:19:58 PM, Serialize by Router on nis/Lapha(Release 5.0.6a |January 17, 2001) at 2001-11-29 11:02:11 AM, Serialize complete at 2001-11-29 11:02:11 AM
Content-Type: multipart/report; report-type=delivery-status; boundary===IFJRGLKFGIR46408UHRUHIHD
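Reading the posted header from the bottom up, as an added example that is not part of the original thread: this Python sketch takes the six Received: lines as posted (redactions and the truncated qmail zones included), orders them oldest first and normalises every timestamp to UTC so the hops can be compared across the -0800 and +0900 zones. The function names, and the choice to treat a missing zone as UTC, are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Received: lines as posted in the thread, newest (top) first. The redacted
# addresses and the truncated "-" zone on the qmail lines are as archived.
POSTED_RECEIVED = [
    "from mr.ourcompany.com ([xxx.xxx.xxx.xxx]) by IMS.ourcompany.gov with SMTP "
    "(Microsoft Exchange Internet Mail Service Version 5.5.2653.13) id XVZ0J31D; "
    "Wed, 28 Nov 2001 18:03:42 -0800",
    "(qmail 4027 invoked by uid 104); 29 Nov 2001 00:34:16 -",
    "from by mr-new.ourcompany.com with qmail-scanner-0.94 "
    "(. Clean. Processed in 9.100323 secs); 28/11/2001 16:34:07",
    "from unknown (HELO nis.lapha.com) (211.52.19.18) by mr.ourcompany.com "
    "with SMTP; 29 Nov 2001 00:34:06 -",
    "from IMS.ourcompany.gov ([xxx.xxx.xxx.xxx]) by nis.lapha.com "
    "(Lotus Domino Release 5.0.6a) with ESMTP id 2001112822195643:24 ; "
    "Wed, 28 Nov 2001 22:19:56 +0900",
    "by IMS.ourcompany.gov with Internet Mail Service (5.5.2653.19) "
    "id XVZ0JKH3; Wed, 28 Nov 2001 05:21:14 -0800",
]

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}
DATE_RE = re.compile(
    r"(\d{1,2}) ([A-Z][a-z]{2}) (\d{4}) (\d\d):(\d\d):(\d\d)(?: ([+-]\d{4}))?")


def parse_stamp(stamp):
    """Return (utc_datetime, zone_was_assumed); (None, False) if unparseable."""
    m = DATE_RE.search(stamp)
    if not m or m.group(2) not in MONTHS:
        return None, False  # e.g. qmail-scanner's dd/mm/yyyy local stamp
    day, mon, year, hh, mi, ss, zone = m.groups()
    assumed = zone is None
    if assumed:
        offset = timedelta(0)  # ASSUMPTION: missing or truncated zone means UTC
    else:
        sign = -1 if zone[0] == "-" else 1
        offset = sign * timedelta(hours=int(zone[1:3]), minutes=int(zone[3:5]))
    local = datetime(int(year), MONTHS[mon], int(day),
                     int(hh), int(mi), int(ss), tzinfo=timezone(offset))
    return local.astimezone(timezone.utc), assumed


def parse_hop(line):
    """Split one Received: value into from/by/HELO/IP and a UTC timestamp."""
    clauses, sep, stamp = line.rpartition(";")
    if not sep:
        clauses, stamp = line, ""
    # Drop parenthesised comments first so "(qmail ... invoked by uid 104)"
    # is not mistaken for a "by <host>" clause.
    bare = re.sub(r"\([^)]*\)", " ", clauses)
    frm = re.search(r"\bfrom\s+(?!by\b)(\S+)", bare)
    by = re.search(r"\bby\s+(\S+)", bare)
    helo = re.search(r"\(HELO ([^)\s]+)\)", clauses)
    ip = re.search(r"\((\d{1,3}(?:\.\d{1,3}){3})\)", clauses)
    utc, assumed = parse_stamp(stamp)
    return {"from": frm.group(1) if frm else None,
            "by": by.group(1) if by else None,
            "helo": helo.group(1) if helo else None,
            "ip": ip.group(1) if ip else None,
            "utc": utc, "zone_assumed": assumed}


def trace(received_top_down):
    """Return hops oldest first, each with seconds since the previous stamp."""
    hops, prev = [], None
    for line in reversed(received_top_down):  # bottom of the header is oldest
        hop = parse_hop(line)
        hop["delta_s"] = None
        if hop["utc"] is not None:
            if prev is not None:
                hop["delta_s"] = int((hop["utc"] - prev).total_seconds())
            prev = hop["utc"]
        hops.append(hop)
    return hops


if __name__ == "__main__":
    for n, h in enumerate(trace(POSTED_RECEIVED), start=1):
        when = h["utc"].isoformat() if h["utc"] else "no RFC 822 stamp"
        note = " (zone assumed UTC)" if h["zone_assumed"] else ""
        print(f"{n}. from={h['from']} helo={h['helo']} ip={h['ip']} "
              f"by={h['by']} at {when}{note} delta={h['delta_s']}s")
```

The oldest hop carries a `by` clause with no `from`, which is how a host records mail it generated itself, and the small negative delta on the second hop is clock skew between the two servers rather than a routing anomaly.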
RE: Internet Mail Header Investigation
No...it's not an open relay...double-checked the Exchange Server settings and the RBL (Realtime Blackhole List). And yes, that REALLY is just one mail header. It takes 2-1/2 pages to print it out in its entirety.

In the process of triple-checking my relay settings again by reading the article below.

Jim Blunt

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 10:30 AM
To: Exchange Discussions
Subject: RE: Internet Mail Header Investigation

Is your server an open relay?
http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696
also available here:
http://downloads.members.tripod.com/ladysun1969/misc/relay.tif

ps. are you sure that's all from one message? It looks like 3 different message headers

-Michèle
Immigration site: http://LadySun1969.tripod.com
The Miata: http://members.cardomain.com/bpituley
Tiggercam: http://www.tiggercam.co.uk
- Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works. - RFC1925 -
RE: Internet Mail Header Investigation
It sure sounds like the Linux box is a wide open relay.

--
Roger D. Seielstad - MCSE MCT
Senior Systems Administrator
Peregrine Systems
Atlanta, GA
http://www.peregrine.com

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 1:30 PM
To: Exchange Discussions
Subject: RE: Internet Mail Header Investigation

Is your server an open relay?
http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696
also available here: http://downloads.members.tripod.com/ladysun1969/misc/relay.tif

ps. are you sure that's all from one message? It looks like 3 different message headers

-Michèle
Immigration site: http://LadySun1969.tripod.com
The Miata: http://members.cardomain.com/bpituley
Tiggercam: http://www.tiggercam.co.uk
- Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works. - RFC1925 -

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 1:17 PM
To: Exchange Discussions
Subject: RE: Internet Mail Header Investigation

There you have it...that's the header file. You actually want to start reading the header file from the bottom of this post up...

TIA for the help.

JB
RE: Internet Mail Header Investigation
I'm thinking it's the Linux box that's an open relay, not Exchange.

--
Roger D. Seielstad - MCSE MCT
Senior Systems Administrator
Peregrine Systems
Atlanta, GA
http://www.peregrine.com

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 1:45 PM
To: Exchange Discussions
Subject: RE: Internet Mail Header Investigation

No...it's not an open relay...double-checked the Exchange Server settings and the RBL (Realtime Blackhole List). And yes, that REALLY is just one mail header. It takes 2-1/2 pages to print it out in its entirety.

In the process of triple-checking my relay settings again by reading the article below.

Jim Blunt
RE: Internet Mail Header Investigation
Roger,

I thought that was possibly the problem too, but when I checked the external IP address of the Linux box at the RBL, it came up with nothing.

There is one additional note I suppose I should mention. We have eight (8) Unix machines that do payroll and AP/AR processing on a nightly basis. When these processes are finished, they need to use sendmail to send a notification of success or failure to an outside Internet address, from an internal account in the GAL. To accomplish this, I have the reroute incoming SMTP mail option turned on, for the domains: ourcompany.com and IMS.ourcompany.com. I then set the Hosts and clients with these IP addresses section to contain the static IP addresses for all 8 machines, with a subnet mask of 255.255.255.255.

Is that okay too?

James H (Jim) Blunt
Network / Microsoft Exchange Admin.
Network Infrastructure Group
Bechtel Hanford, Inc.
RE: Internet Mail Header Investigation
For what it's worth, after reading article: http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7695, the IMS version I am using is 5.5.2653.13.

Jim Blunt
RE: Internet Mail Header Investigation
According to the available knowledge articles I would say that you have your routing set up correctly. This is similar to how mine is set except I have null for my Host and Clients... This prevents any relaying (or is supposed to).
RE: Internet Mail Header Investigation
One last thing I just found out about. Somehow...don't ask me how, I don't know...a copy of WinSock Proxy Client has been installed on the IMS and set to use the Proxy Server. What the heck is this going to do? Is this necessary to allow the Unix boxes to send out to the Internet, thru the IMS?

Jim Blunt
RE: Internet Mail Header Investigation
Nope. This has nothing to do with sending SMTP mail via relay. This is a function of how you set up your relaying in the connections tab, Internet Mail Service. I'm assuming that the Unix boxes send all the mail to the same domain.

One recommendation is to set up a custom Email Domain on the Internet Mail connector tab. Set your MIME type to ASCII. This is for another error I remember seeing in your original post.
RE: Internet Mail Header Investigation
Assumption #1 is incorrect. The Unix boxes send out e-mails to EVERY subcontractor we run AP/AR (Accounts Payable / Accounts Receivable) for. This is quite literally 100 or more companies.

Our company is very heavily into the Change Control Board method of documenting possible changes and having a review board approve them, before changes can be made. Can you be more specific than "another error" and explain how the suggested action is going to fix that error?

Thanks much,
Jim B.
-Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]] Sent: Friday, November 30, 2001 1:37 PM To: Exchange Discussions Subject: RE: Internet Mail Header Investigation Roger, I thought that was possibly the problem too, but when I checked the external IP address of the Linux box at the RBL, it came up with nothing. There is one additional note I suppose I should mention. We have eight (8) Unix machines that do payroll and AP/AR processing on a nightly basis. When these processes are finished, they need to use sendmail to send a notification of success or failure to an outside Internet address, from an internal account in the GAL. To accomplish this, I have the reroute incoming SMTP mail option turned on, for the domains: ourcompany.com and IMS.ourcompany.com. I then set the Hosts and clients with these IP addresses section to contain the static IP addresses for all 8 machines, with a subnet mask of 255.255.255.255. Is that okay too? James H (Jim) Blunt Network / Microsoft Exchange Admin. Network Infrastructure Group Bechtel Hanford, Inc. -Original Message- From: Roger Seielstad [mailto:[EMAIL PROTECTED]] Sent: Friday, November 30, 2001 11:12 AM To: Exchange Discussions Subject: RE: Internet Mail Header Investigation I'm thinking its the Linux box that's an open relay, not Exchange. -- Roger D. Seielstad - MCSE MCT Senior Systems Administrator Peregrine Systems Atlanta, GA http://www.peregrine.com -Original Message- From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]] Sent: Friday, November 30, 2001 1:45 PM To: Exchange Discussions Subject: RE: Internet Mail Header Investigation No...it's not an open relay...double-checked the Exchange Server settings and the RBL (Realtime Blackhole List). And yes, that REALLY is just one mail header. It takes 2-1/2 pages to print it out in it's entirety. In the process of triple-checking my relay settings again by reading the article below. 
Jim Blunt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Friday, November 30, 2001 10:30 AM To: Exchange Discussions Subject: RE: Internet Mail Header Investigation Is your server an open relay? http://www.exchangeadmin.com/Articles/Index.cfm?ArticleID=7696 also available here: http://downloads.members.tripod.com/ladysun1969/misc/relay.tif ps. are you sure that's all from one message? It looks like 3 different message headers -Michèle Immigration site: http://LadySun1969.tripod.com The Miata: http://members.cardomain.com/bpituley Tiggercam: http://www.tiggercam.co.uk - Every old idea will be proposed again with a different name and a different presentation, regardless of whether it works. - RFC1925
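Added example (not part of the original thread): a simplified Python model of the relay restriction described in the 1:37 PM message above, where relaying is limited to eight Unix hosts listed with a 255.255.255.255 mask. The addresses, recipient names and decision order are assumptions made for illustration, not Exchange's actual logic; the block also evaluates the same host list under a wider 255.255.255.0 mask for comparison.

```python
import ipaddress

# Simplified model of an SMTP relay restriction (an assumption for
# illustration, not Exchange's implementation). Constructed sample values:
# the domains are the thread's placeholders, the addresses come from the
# RFC 5737 documentation ranges.
LOCAL_DOMAINS = {"ourcompany.com", "ims.ourcompany.com"}
UNIX_HOSTS = ["192.0.2.%d" % n for n in range(11, 19)]  # eight batch machines


def build_allow_list(hosts, mask):
    """Turn each address plus subnet mask into a network object."""
    return [ipaddress.ip_network(f"{h}/{mask}", strict=False) for h in hosts]


def relay_decision(client_ip, rcpt_to, allow_list, local_domains=LOCAL_DOMAINS):
    """Classify one RCPT TO as 'deliver-local', 'relay' or 'reject'."""
    domain = rcpt_to.rsplit("@", 1)[-1].strip("<> ").lower()
    if domain in local_domains:
        return "deliver-local"          # inbound mail for our own domains
    client = ipaddress.ip_address(client_ip)
    if any(client in net for net in allow_list):
        return "relay"                  # listed host sending to the Internet
    return "reject"                     # outsider asking us to forward outward


def audit(allow_list, sessions):
    """Return sessions that would be relayed for hosts not in UNIX_HOSTS."""
    return [
        (ip, rcpt) for ip, rcpt in sessions
        if relay_decision(ip, rcpt, allow_list) == "relay" and ip not in UNIX_HOSTS
    ]


# Constructed sessions: (connecting IP, recipient).
SESSIONS = [
    ("192.0.2.11", "ap@subcontractor.example"),     # Unix box -> outside
    ("203.0.113.7", "postmaster@ourcompany.com"),   # outside -> our postmaster
    ("203.0.113.7", "victim@elsewhere.example"),    # outside -> outside
    ("192.0.2.200", "someone@elsewhere.example"),   # unlisted neighbour -> outside
]

STRICT = build_allow_list(UNIX_HOSTS, "255.255.255.255")  # mask from the thread
LOOSE = build_allow_list(UNIX_HOSTS, "255.255.255.0")     # same hosts, wider mask

if __name__ == "__main__":
    for ip, rcpt in SESSIONS:
        print(ip, rcpt, relay_decision(ip, rcpt, STRICT), relay_decision(ip, rcpt, LOOSE))
    print("unexpected relays (strict):", audit(STRICT, SESSIONS))
    print("unexpected relays (loose):", audit(LOOSE, SESSIONS))
```

With the 255.255.255.255 mask each entry matches exactly one host, so only the listed machines relay outward; the wider mask lets any neighbour on the same subnet relay as well.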
RE: Internet Mail Header Investigation
Something along these lines..

This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible.

-Original Message-
From: Blunt, James H (Jim) [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 4:04 PM
To: Exchange Discussions
Subject: RE: Internet Mail Header Investigation

Assumption #1 is incorrect. The Unix boxes send out e-mails to EVERY subcontractor we run AP/AR (Accounts Payable / Accounts Receivable) for. This is quite literally 100 or more companies.

Our company is very heavily into the Change Control Board method of documenting possible changes and having a review board approve them, before changes can be made. Can you be more specific than "another error" and explain how the suggested action is going to fix that error?

Thanks much,
Jim B.
RE: Internet Mail Header Investigation
(You might have already stated this) But, are you logging smtp events?

-
From: System Administrator [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Undeliverable: FREE American Flag Pin - No purchase necessary
--

Set up a Distribution list for and assign this smtp address: [EMAIL PROTECTED] Place your name into the distribution list so you will receive reports.

This looks like spam. However, I'm used to seeing the From: address as . There are a few RFCs that address this but I found them to be absolutely useless and outdated. The FAQ mentions one but it fits the useless category.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 4:26 PM
To: Exchange Discussions
Subject: RE: Internet Mail Header Investigation

Something along these lines..

This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible.
RE: Internet Mail Header Investigation
As a matter of fact, I brought up this issue a few weeks back on a similar problem I was having. I received some good feedback and some even better flames. Check some of those posts and see if they provide any info. The subject lines had "open relay" if I remember correctly.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 30, 2001 4:33 PM
To: Exchange Discussions
Subject: RE: Internet Mail Header Investigation

(You might have already stated this) But, are you logging smtp events?

-
From: System Administrator [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Undeliverable: FREE American Flag Pin - No purchase necessary
--

Set up a Distribution list for and assign this smtp address: [EMAIL PROTECTED] Place your name into the distribution list so you will receive reports.

This looks like spam. However, I'm used to seeing the From: address as . There are a few RFCs that address this but I found them to be absolutely useless and outdated. The FAQ mentions one but it fits the useless category.