Thanks to all the people who explained how I should read the trace.
I am now a bit more enlightened.
One other clue, Andrew.
People who do this sort of thing professionally are only going to be able to use your trace in a legal sense if the timestamps are absolutely correct. Because they can't guarantee that the timestamps on any intervening machine are correct, if you're going to make this useful it helps to be setting timestamps on your mailserver via NTP.
Scammers perpetrating this sort of thing dial in somewhere, send a batch, disconnect, dial somewhere else, etc. They can be very hard to catch.
-- Del
-- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
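Added example, not part of the original thread: a short Python sketch of the point Del makes about timestamps, reading the Received headers of a message oldest hop first and reporting the time difference between consecutive hops, where a negative difference means one of the two clocks is wrong. The sample message, host names and addresses are constructed for illustration, and it assumes the final hop (mx.example.org) is your own NTP-synchronised mailserver.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: three hops, documentation-range addresses, made-up hosts.
SAMPLE = """\
Received: from relay2.example.net (relay2.example.net [192.0.2.20])
\tby mx.example.org with ESMTP id CCC; Tue, 04 Mar 2003 10:15:07 +1100
Received: from relay1.example.com (relay1.example.com [198.51.100.7])
\tby relay2.example.net with ESMTP id BBB; Mon, 03 Mar 2003 23:12:10 +0000
Received: from dialup (unknown [203.0.113.55])
\tby relay1.example.com with SMTP id AAA; Mon, 03 Mar 2003 15:14:58 -0800
From: sender@example.com
Subject: constructed sample

body
"""

def hops(raw):
    """Return [(receiving_host, timezone-aware datetime)], oldest hop first."""
    msg = message_from_string(raw)
    out = []
    # Each relay prepends its header, so the last Received line is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        info, _, stamp = value.rpartition(";")
        m = re.search(r"\bby\s+(\S+)", info)
        host = m.group(1) if m else "?"
        out.append((host, parsedate_to_datetime(stamp.strip())))
    return out

def hop_deltas(raw):
    """Seconds elapsed between consecutive hops, compared across time zones."""
    h = hops(raw)
    return [(a[0], b[0], (b[1] - a[1]).total_seconds()) for a, b in zip(h, h[1:])]

def suspect(raw, tolerance=0):
    """Hop pairs where mail appears to arrive before it was handed over."""
    return [d for d in hop_deltas(raw) if d[2] < -tolerance]

if __name__ == "__main__":
    for src, dst, secs in hop_deltas(SAMPLE):
        flag = "  <-- clocks disagree" if secs < 0 else ""
        print(f"{src} -> {dst}: {secs:+.0f}s{flag}")
```

A negative delta only shows that the two stamps disagree; the stamp written by your own NTP-synchronised server is the one you can vouch for.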
