[CLUE-Tech] SMTP Envelope Question
Frank Whiteley
techzone at greeleynet.com
Sun Nov 10 14:39:56 MST 2002
I think the first 8.9.3 is the software version number, the second the
sendmail.cf version number. They may be different.
Want to post the entire header for analysis?
Frank
----- Original Message -----
From: "Jed S. Baer" <thag at frii.com>
To: "clue-tech" <clue-tech at clue.denver.co.us>
Sent: Sunday, November 10, 2002 2:34 PM
Subject: [CLUE-Tech] SMTP Envelope Question
> Hi Folks.
>
> I thought I understood enough about SMTP headers to track spam back to the
> originiting machine, and thus identify the owner of the IP address. This
> one has me scratching my head a bit.
>
> Received: from redshift.com ([156.148.56.6])
> by betades.freeserve.co.uk (8.9.3/8.9.3) with SMTP id 30243
>
> The IP address 156.148.56.6 is owned by CERN. redshift.com has address
> 216.228.2.86. I have no idea what the (8.9.3/8.9.3) notation means.
>
> Are spammers now using some hacked-up SMTP programs that forge data in the
> initial envelope, or going through servers which intentionally mis-resolve
> hosts/addresses?
>
> jed
> --
> We're frogs who are getting boiled in a pot full of single-character
> morphemes, and we don't notice. - Larry Wall; Perl6, Apocalypse 5
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech
>
More information about the clue-tech
mailing list