Are message IDs assigned by each MTA to handle a given email? As in:
No. Message-IDs should properly be assigned by the first MTA that gets the message WITHOUT a message-id. This SHOULD be the originating MTA.
Received: from smtp01.infoave.net ([165.166.0.26] verified)
by mail.MDCCLXXVI.com (Stalker SMTP Server 1.8b9d14)
with ESMTP id S.0003132321 for <[EMAIL PROTECTED]>; Sat, 23 Aug 2003 08:45:36 -0700
Received: from TRAVELER ([209.164.228.118])
by SMTP00.InfoAve.Net (PMDF V6.1-1IA5 #30771)
with ESMTP id <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Sat,
If so, then given:
Received: from [209.194.92.34] (HELO ARLSAUCER)
by mail.MDCCLXXVI.com (Stalker SMTP Server 1.8b9d14)
with ESMTP id S.0003181674 for <[EMAIL PROTECTED]>; Sat, 30 Aug 2003 07:40:54 -0700
None of this has anything to do with Message-IDs.
is it safe to assume that 209.194.92.34 is the originating host and not a relay?
The only received header you can trust 100% is the one SIMS adds (the last one). How much you trust above that depends.
209.194.92.34 has been belching out Sobig virus-laden email and I've been the recipient. There's no PTR record for this host, which tends to make me think it's a workstation, not a mail server.
Blacklist it. Whether it is the originator of the virus or a relay doesn't really matter at this point, does it?
Just trying to figure out how to email the doofus responsible.
I would say that was a waste of time, myself.
-- MEGAHAL: within my penguin lies a torrid story of hate and love.
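The point made in the reply above (only the Received header stamped by your own server is trustworthy) can be applied mechanically. The following is an added example, not part of the original thread: `trusted_peer` and `OUR_MTA` are hypothetical names, and the sample message is constructed from the header quoted in the thread plus one made-up lower hop using documentation addresses.

```python
import re
from email import message_from_string

# Assumption: the hostname our own MTA writes in its "by" clause.
OUR_MTA = "mail.mdcclxxvi.com"

BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trusted_peer(raw_message, our_mta=OUR_MTA):
    """Return (peer_ip, untrusted_hops) from the Received chain.

    Received headers are prepended, so the newest hop comes first. Only the
    topmost hop stamped by our own MTA is trusted; every header beneath it
    was supplied by the connecting host and may be forged.
    """
    hops = message_from_string(raw_message).get_all("Received") or []
    for i, hop in enumerate(hops):
        flat = " ".join(hop.split())  # unfold continuation lines
        by = BY_RE.search(flat)
        if by and by.group(1).lower() == our_mta.lower():
            # The bracketed address before "by" is what our MTA saw on the wire.
            ip = IP_RE.search(flat[:by.start()])
            return (ip.group(1) if ip else None), hops[i + 1:]
    return None, hops  # our MTA never stamped this message: trust nothing

# Constructed sample: first hop as quoted in the thread (recipient replaced
# with a placeholder), second hop invented to stand in for sender-supplied data.
SAMPLE = """\
Received: from [209.194.92.34] (HELO ARLSAUCER)
  by mail.MDCCLXXVI.com (Stalker SMTP Server 1.8b9d14)
  with ESMTP id S.0003181674 for <user@example.invalid>; Sat, 30 Aug 2003 07:40:54 -0700
Received: from relay.example.invalid ([192.0.2.10])
  by ARLSAUCER with SMTP; Sat, 30 Aug 2003 07:40:50 -0700
From: sender@example.invalid
Subject: constructed sample

body
"""

if __name__ == "__main__":
    peer, untrusted = trusted_peer(SAMPLE)
    print("connecting host seen by our MTA:", peer)
    print("hops below it (unverified):", len(untrusted))
```

The address returned is the host that connected to your server, which is the one to block; whether it originated the message or relayed it cannot be established from the headers below that hop.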
