At 7:42 PM -0700 7/8/02, Matthew Hill imposed structure on a stream of electrons, yielding:
>Here's another one for good measure! I don't see these going out
>from anywhere!

They aren't going out from your machines at all. This one is a little better than the AOL bounces, since Notes at least preserves headers, after a fashion. Essentially it treats the bounce as a continued journey of the original, so you get the path of the bounce and the path of the original all in one.

>From: upxHel <[EMAIL PROTECTED]>
>From: [EMAIL PROTECTED]
>Date: Mon Jul 08, 2002 07:34:34 PM US/Pacific
>To: upxHel <[EMAIL PROTECTED]>
>Cc:
>Subject: DELIVERY FAILURE: User mjohnston
>([EMAIL PROTECTED]) not listed in public Name & Address
>Book
>Return-Path: <>
>X-Mirrored-By: [EMAIL PROTECTED]

That's why these are causing you trouble. The 'unknown' account is a misfeature. I understand why SIMS (and other servers) offer it, but there is good reason for it to be turned off by default. If it was off, these bounces would be bouncing instead of delivering to you.

>Received: from fw251.intermet.com ([204.146.63.251] verified) by
>milepost1.com (Stalker SMTP Server 1.8b8) with SMTP id S.0001112311
>for <[EMAIL PROTECTED]>; Mon, 08 Jul 2002 19:37:33 -0700
>Received: from hstgw031.intermet.com by fw251.intermet.com via smtpd
>(for user-vc8fec8.biz.mindspring.com [216.135.185.136]) with SMTP; 9
>Jul 2002 02:37:30 UT

That's the path of the bounce. hstgw01.intermet.com didn't like the message, so it bounced it by way of its outbound firewall (that's a guess at fw251) for you, and it noted that your primary MX resolves to an IP which reverses to that Mindspring name.

>Received: from firewall.intermet.com ([10.250.0.2]) by
>hstgw031.intermet.com (Lotus Domino Release 5.0.4) with SMTP id
>2002070822331807:6974 ; Mon, 8 Jul 2002 22:33:18 -0400
>Received: from h162-040-098-242.adsl.navix.net ([162.40.98.242]) by
>firewall.intermet.com via smtpd (for hstgw031.intermet.com
>[10.1.0.31]) with SMTP; 9 Jul 2002 02:37:10 UT

There it is. Back to here, the Received headers chain neatly.
h162-040-098-242.adsl.navix.net handed the original message to firewall.intermet.com, aimed at hstgw01 (which we know from above is what did the bouncing.) Past here it's garbage...

>Received: from unknown (HELO da001d2020.lax-ca.osd.concentric.net)
>(194.29.209.49) by f64.law4.hotmail.com with QMQP; Jul, 08 2002
>9:27:17 PM +0300

huh? hotmail? BS. QMQP? Not likely. +0300? Doubtful. This doesn't chain with the later (i.e. above) received headers AND the unlikely timezone and protocol are a known spamsign. QMQP is real, but you won't see it outside of QMail installations, and Hotmail doesn't use QMail anyway. Or have servers in the Middle East/Eastern Europe/East Africa. The nail in the coffin is that MTA's don't put AM/PM into Received headers.

>Received: from [203.186.145.225] by hotmail.com (3.2) with ESMTP id
>MHotMailBE7297E1009B400437E7CBBA91E10D0B0; Jul, 08 2002 8:05:23 PM
>-0000
>Received: from [176.244.234.14] by smtp-server6.tampabay.rr.com with
>local; Jul, 08 2002 7:30:09 PM +0300
>Received: from rly-yk04.mx.aol.com ([99.100.131.137]) by rly-
>xw01.mx.aol.com with NNFMP; Jul, 08 2002 6:15:10 PM -0700

More chaining, protocol, and zone problems. More PM's. NNFMP is a protocol that is proprietary and used only internally at Yahoo. The 'local' protocol is supposed to indicate that a message came from the machine adding the Received header. Plus this message seems to have traveled back in time, with a hand-off at PDT AOL servers (itself iffy) at 2002/07/09:01:15:10 UTC and then showing up about 9 hours earlier in Tampa Bay, (the one outside of Baghdad, according to the zone) then hitting some British arm of Hotmail 3:35 later, carrying the Received header that the AOL machines were going to create almost 6 hours into the future. At least, that's what it appears to be if the PM's which MTA's don't use are all correct. IOW: those Received headers are bogus, and not even forged to be minimally believable.
This is a demo of rules #1 & #2 of spammers: spammers lie and spammers are profoundly stupid.

>Mime-Version: 1.0
>X-Mailer: QUALCOMM Windows Eudora Version 5.1
>X-Priority: 1 (High)
>X-Mimetrack: Itemize by SMTP Server on HSTGW031/IMET(Release 5.0.4
>|June 8, 2000) at 07/08/2002 10:33:20 PM, Serialize by Router on
>HSTGW031/IMET(Release 5.0.4 |June 8, 2000) at 07/08/2002 10:33:41
>PM, Serialize complete at 07/08/2002 10:33:41 PM
>Message-Id: <[EMAIL PROTECTED]>
>Content-Type: multipart/report; report-type=delivery-status;
>boundary="==IFJRGLKFGIR62893UHRUHIHD"
>
>Your message
>
>  Subject: OUR LAST PICK WENT UP 47% IN JUST 2
>DAYS--------------------13593 kbqqn
>
>was not delivered to:
>
>  [EMAIL PROTECTED]
>
>because:
>
>  User mjohnston ([EMAIL PROTECTED]) not listed in public
>Name & Address Book
>
>Reporting-MTA: dns;hstgw031.intermet.com

That tells you where to split those Received headers into original message and bounce paths.

--
Bill Cole
[EMAIL PROTECTED]
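
Added example, not part of the original post: a small Python check that applies two of the tests used in the message above (does each Received header chain to the one above it, and does its timestamp carry AM/PM) and reports where the trustworthy part of the trace ends. The sample headers, host names and addresses are constructed placeholders shaped like the ones quoted in the post, and `audit` and `first_untrusted` are hypothetical helper names.

```python
import re

# Constructed sample, newest header first (the order they appear in a message).
# Hosts and IPs are placeholders; only the shape follows the quoted headers.
SAMPLE = [
    "from fw.example.net ([192.0.2.251] verified) by mx.example.org with SMTP; Mon, 08 Jul 2002 19:37:33 -0700",
    "from gw31.example.net by fw.example.net via smtpd with SMTP; 9 Jul 2002 02:37:30 UT",
    "from dsl-242.example.com ([198.51.100.242]) by gw31.example.net with SMTP; Mon, 8 Jul 2002 22:33:18 -0400",
    "from unknown (HELO dial.example.com) (203.0.113.49) by f64.mail.example with QMQP; Jul, 08 2002 9:27:17 PM +0300",
    "from [203.0.113.225] by mail.example (3.2) with ESMTP id X1; Jul, 08 2002 8:05:23 PM -0000",
]

# "from <name> ... by <name> ... ; <date>" with folding whitespace tolerated.
RECEIVED = re.compile(r"from\s+(?P<frm>\S+).*?\bby\s+(?P<by>\S+).*;\s*(?P<date>.+)$", re.S)
# A 12-hour clock marker after the time; RFC 822/2822 date-time is 24-hour.
AM_PM = re.compile(r"\b\d{1,2}:\d{2}(:\d{2})?\s*[AP]M\b", re.I)


def parse(header):
    """Return (from_name, by_name, date_text) or None if the header has no such shape."""
    m = RECEIVED.search(header)
    if not m:
        return None
    return m.group("frm").lower(), m.group("by").lower(), m.group("date").strip()


def audit(headers):
    """Return a list of (index, reason) findings; headers are newest first."""
    hops = [parse(h) for h in headers]
    findings = []
    for i, hop in enumerate(hops):
        if hop is None:
            findings.append((i, "unparseable Received header"))
            continue
        _frm, by, date = hop
        if AM_PM.search(date):
            findings.append((i, "AM/PM in timestamp"))
        # The host that wrote this header should be the one the newer hop received from.
        if i > 0 and hops[i - 1] and hops[i - 1][0] != by:
            findings.append((i, "does not chain to the header above"))
    return findings


def first_untrusted(headers):
    """Index of the newest header with a finding; it and everything older is unverified."""
    found = audit(headers)
    return min(i for i, _ in found) if found else None
```

A chain break is a signal rather than proof, since the `from` name is whatever the sending host claimed and a legitimate relay may announce a different name than the one it stamps in its own header; treat it as the point past which the trace needs corroboration.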
