Hi,

On Tue, 4 May 2004 00:16:33 -0500 (EST) Mike Burger
<[EMAIL PROTECTED]> wrote:

> On Mon, 3 May 2004, Pilar Sancho wrote:
> 
> > We are doing statistics of spam. We need to know the IP of the Relay
> > that delivers the messages to our organization.
> > 
> > for example, simplifying:
> > 
> > Received: from ([155.210.11.99]) ..................
> > Received: from ([155.210.11.66]) by ...............
> > Received: from ([193.180.251.253]) by .............
> > Received: from ([158.234.34.23]) by ...............
> > 
> > 155.210.11.99 and 155.210.11.66 are internal IPs in my organization.
> > I want to obtain the IP 193.180.251.253.
> > 
> > Does anybody know how I can obtain this IP?
> 
> Generally speaking?  "nslookup 193.180.251.253" should suffice.  BUT...
> 
> ...it probably won't work...you should notice that in most cases, the IPs 
> are accompanied by FQDNs.  If you have just an IP (which is often 
> accompanied by "unknown"), it's usually because there was no DNS 
> information for that IP address.

It's more difficult to automate but if you really need to know who's
responsible for an IP address, rather than its rDNS, try looking it up
at ARIN (US IP registry):

   whois -h whois.arin.net 193.180.251.253

which will point you to RIPE (Europe):

   whois -h whois.ripe.net 193.180.251.253

Other IP registries include APNIC (Asia-Pacific - whois.apnic.net), with
more detail in AUNIC, KRNIC, JPNIC, and CNNIC, and LACNIC (Latin America
- whois.lacnic.net).

In this case, 193.180.251.253 is part of 193.180.251.0/24, operated by
"LM Ericsson Sodra Fastighetsforvaltning AB" in Sweden.

One way to simplify your reporting is to not accept mail from hosts with
broken or missing rDNS. You may have to whitelist a handful of
misconfigured domains but you'll deflect a far larger proportion of
spam. Works great here but as always, YMMV.

hth,

-- Bob
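The Received-header walk Pilar asked about, together with the rDNS test Bob recommends, as an added example that is not code from the original thread. It walks the Received: lines from the newest hop (our own gateway) downwards, skips hops inside the organisation's own networks, and returns the first IP outside them; it stops there because every header below that hop was written by a machine the organisation does not control and can be forged by the sender. The internal network 155.210.11.0/24, the hostnames, the sample message and the fake DNS tables are all assumptions constructed for the example; the thread itself only names the four IPs.

```python
"""Added example, not code from the original thread (standard library only)."""
import email
import ipaddress
import re
from email import policy
from typing import Callable, Dict, Iterable, List, Optional

# Networks our own MTAs live in. Assumed for this example: the thread only
# names two internal hosts, 155.210.11.99 and 155.210.11.66.
INTERNAL_NETWORKS = ["155.210.11.0/24"]

# Constructed message modelled on the simplified headers in the thread.
# Hostnames and ids are placeholders; the IPs are the ones from the post.
SAMPLE_MESSAGE = b"""\
Received: from gw2.example.org ([155.210.11.99])
\tby mail.example.org with ESMTP id 1; Mon, 3 May 2004 10:00:03 +0200
Received: from gw1.example.org ([155.210.11.66]) by gw2.example.org
\twith ESMTP id 2; Mon, 3 May 2004 10:00:02 +0200
Received: from unknown ([193.180.251.253]) by gw1.example.org
\twith SMTP id 3; Mon, 3 May 2004 10:00:01 +0200
Received: from [158.234.34.23] by 193.180.251.253 with SMTP;
\tMon, 3 May 2004 09:59:00 +0200
From: someone@example.net
To: postmaster@example.org
Subject: constructed sample

body
"""

# The peer address an MTA records in the "from" clause, e.g. "[1.2.3.4]" or "[IPv6:...]".
BRACKETED_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f.:]+)\]")


def _parse_ip(text: str) -> Optional[ipaddress._BaseAddress]:
    """First bracketed IP in a Received: value, or None if absent or malformed."""
    m = BRACKETED_IP.search(text)
    if not m:
        return None
    try:
        return ipaddress.ip_address(m.group(1))
    except ValueError:
        return None


def received_ips(raw: bytes) -> List[Optional[str]]:
    """Sending-host IP recorded by each Received: header, newest hop first."""
    msg = email.message_from_bytes(raw, policy=policy.default)  # unfolds headers
    return [(str(ip) if (ip := _parse_ip(str(v))) else None)
            for v in msg.get_all("Received", [])]


def first_external_relay(raw: bytes,
                         internal: Iterable[str] = INTERNAL_NETWORKS) -> Optional[str]:
    """IP of the first hop outside our networks, walking newest to oldest.

    Stops at that hop on purpose: the Received: lines below it were written by
    machines we do not control, so a spammer can make them say anything.
    """
    nets = [ipaddress.ip_network(n) for n in internal]
    for ip in received_ips(raw):
        if ip is None:
            continue  # e.g. "from localhost" hand-offs between our own filters
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in nets):
            continue  # still inside our own relay chain
        return ip
    return None  # every hop was internal: locally generated mail


def fcrdns_ok(ip: str,
              ptr_lookup: Callable[[str], List[str]],
              addr_lookup: Callable[[str], List[str]]) -> bool:
    """Forward-confirmed reverse DNS: ip -> PTR name -> A/AAAA must include ip.

    Resolvers are injected so the check runs offline here; in production wrap
    socket.gethostbyaddr / socket.getaddrinfo (or dnspython) instead.
    """
    names = ptr_lookup(ip)
    if not names:
        return False  # missing rDNS
    return any(ip in addr_lookup(n) for n in names)  # False here means broken rDNS


# Constructed fake DNS data (RFC 5737 documentation ranges) for the offline demo.
FAKE_PTR: Dict[str, List[str]] = {
    "192.0.2.10": ["mx.example.net"],      # good: PTR and A agree
    "198.51.100.9": ["mail.example.com"],  # broken: A record points elsewhere
    # 203.0.113.7 deliberately absent: no PTR at all
}
FAKE_A: Dict[str, List[str]] = {"mx.example.net": ["192.0.2.10"],
                                "mail.example.com": ["192.0.2.99"]}


def fake_ptr(ip: str) -> List[str]:
    return FAKE_PTR.get(ip, [])


def fake_a(name: str) -> List[str]:
    return FAKE_A.get(name, [])


if __name__ == "__main__":
    print("hops:", received_ips(SAMPLE_MESSAGE))
    print("first external relay:", first_external_relay(SAMPLE_MESSAGE))
    for ip in ("192.0.2.10", "198.51.100.9", "203.0.113.7"):
        print(ip, "FCrDNS ok" if fcrdns_ok(ip, fake_ptr, fake_a) else "missing/broken rDNS")
```

For the sample message this returns 193.180.251.253 as the first external relay, and the walk never looks at the 158.234.34.23 line, which is exactly the line a spammer could have inserted. Widening the trusted networks (for instance to include a hosted relay you use) moves the trust boundary one hop further out; the list of internal networks is therefore the one thing to get right before relying on these statistics.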
