At 11:49 PM -0600 8/30/2003, LuKreme (List User Kreme) wrote: >On Aug 30, 2003, at 11:19 PM, Warren Michelsen wrote: >> >>Received: from smtp01.infoave.net ([165.166.0.26] verified) >> by mail.MDCCLXXVI.com (Stalker SMTP Server 1.8b9d14) >> with ESMTP id S.0003132321 for <[EMAIL PROTECTED]>; Sat, 23 Aug 2003 08:45:36 -0700 >>Received: from TRAVELER ([209.164.228.118]) >> by SMTP00.InfoAve.Net (PMDF V6.1-1IA5 #30771) >> with ESMTP id <[EMAIL PROTECTED]> for [EMAIL PROTECTED]; Sat, >> >>If so, then given: >> >>Received: from [209.194.92.34] (HELO ARLSAUCER) >> by mail.MDCCLXXVI.com (Stalker SMTP Server 1.8b9d14) >> with ESMTP id S.0003181674 for <[EMAIL PROTECTED]>; Sat, 30 Aug 2003 07:40:54 -0700 > >None of this has anything to do with Mesage-IDs
So, in the first instance, "S.0003132321" and "<[EMAIL PROTECTED]>" are not the message IDs (for the respective servers), nor "S.0003181674" in the second? > >>is it safe to assume that 209.194.92.34 is the originating host and not a relay? > >The only received header you can trust 100% is the one SIMS adds (the last one). How >much you trust above that depends. > >>209.194.92.34 has been belching out sobig virus laden email and I've been the >>recipient. There's no PTR record for this host, which tends to make me think it's a >>workstation, not a mail server. > >blacklist it. Whether it is the originator of the virus or a relay doesn't really >matter at this point, does it? Matter? Not much. But I am curious. I thought I'd use the occasion to better understand mail headers. > >>Just trying to figure out how to email the doofus responsible. > >I would ay that was a waste of time, myself Possibly. -- Warren Michelsen <[EMAIL PROTECTED]> Online Tools For Business -- <http://www.OTFB.com/> Small Business & E-commerce web hosting ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
