[CLUE-Tech] SMTP Envelope Question
David Guntner
davidg at akaMail.com
Sun Nov 10 15:07:26 MST 2002
Jed S. Baer grabbed a keyboard and wrote:
>
> I thought I understood enough about SMTP headers to track spam back to the
> originating machine, and thus identify the owner of the IP address. This
> one has me scratching my head a bit.
>
> Received: from redshift.com ([156.148.56.6])
> by betades.freeserve.co.uk (8.9.3/8.9.3) with SMTP id 30243
>
> The IP address 156.148.56.6 is owned by CERN. redshift.com has address
> 216.228.2.86. I have no idea what the (8.9.3/8.9.3) notation means.
>
> Are spammers now using some hacked-up SMTP programs that forge data in the
> initial envelope, or going through servers which intentionally mis-resolve
> hosts/addresses?
IP addresses in headers are usually shown in square brackets [] and not
parentheses (). I would say that betades.freeserve.co.uk is simply showing
that it's running sendmail version 8.9.3, although that host name doesn't
resolve to anything.... It could be a fake header record, but without the
whole header to analyze, it's hard for me to say. Maybe someone else will
have a better idea. But when you see that kind of notation in a header,
it's just the machine stamping the version of the software that it's using.
--Dave
--
David Guntner GEnie: Just say NO!
http://www.akaMail.com/pgpkey/davidg or key server
for PGP Public key
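The distinction Dave draws above (square brackets hold the connecting peer's
address as the receiving MTA saw it; the parenthesised token after "by" is the
MTA stamping its own version, in sendmail's "version/config-version" form) is
what makes a Received line traceable. The following is an added example, not
code from either poster: a small Python parser that pulls those fields out of
a Received header and then applies the check Jed was trying to do by hand,
comparing the name the sender claimed in HELO against the bracketed IP. The
DNS table FAKE_DNS is constructed so the check runs offline; the second sample
header (mail.example.net / mx.example.org) is likewise made up for the example.

```python
import re
from ipaddress import ip_address

# Constructed sample 1: the Received line quoted in the thread, as it would
# appear folded across two physical lines in the raw message.
SAMPLE_RECEIVED = (
    "Received: from redshift.com ([156.148.56.6])\n"
    "\tby betades.freeserve.co.uk (8.9.3/8.9.3) with SMTP id 30243"
)

# Constructed sample 2: a hop where the receiving MTA could reverse-resolve
# the peer, so both the rDNS name and the address appear in the parentheses.
SAMPLE_RECEIVED_OK = (
    "Received: from mail.example.net (mail.example.net [192.0.2.10])\n"
    "\tby mx.example.org (8.9.3/8.9.3) with ESMTP id ABC123"
)

# Hypothetical forward-DNS table standing in for live lookups (assumption:
# values are constructed for this example, not real resolution results).
FAKE_DNS = {
    "redshift.com": "216.228.2.86",
    "mail.example.net": "192.0.2.10",
}

RECEIVED_RE = re.compile(
    r"^Received:\s*from\s+(?P<helo>\S+)"      # name the client gave in HELO/EHLO
    r"(?:\s*\((?P<from_info>[^)]*)\))?"       # "(rdns-name [ip])" or just "([ip])"
    r"\s+by\s+(?P<by>\S+)"                    # receiving MTA's own hostname
    r"(?:\s*\((?P<by_info>[^)]*)\))?"         # sendmail's "(version/config)" stamp
    r"(?:\s+with\s+(?P<proto>\S+))?"
    r"(?:\s+id\s+(?P<msgid>\S+))?",
    re.IGNORECASE,
)


def unfold(header):
    """Join a folded RFC 822 header back into one logical line."""
    return re.sub(r"\s+", " ", header.strip())


def parse_received(header):
    """Split one Received header into its trace fields."""
    m = RECEIVED_RE.match(unfold(header))
    if not m:
        raise ValueError("not a Received header this parser understands")
    d = m.groupdict()
    from_info = d.get("from_info") or ""
    # The MTA writes the peer's socket address in square brackets; the
    # sender cannot choose this value, unlike the HELO name before it.
    ip_m = re.search(r"\[([0-9a-fA-F.:]+)\]", from_info)
    d["peer_ip"] = ip_m.group(1) if ip_m else None
    # Anything before the bracket is the rDNS name the MTA itself looked up.
    rdns = from_info.split("[")[0].strip()
    d["peer_rdns"] = rdns or None
    return d


def check_received(header, dns=FAKE_DNS):
    """Return (fields, findings): findings is empty when the hop looks honest."""
    d = parse_received(header)
    findings = []
    if d["peer_ip"] is None:
        findings.append("no bracketed peer address: the hop cannot be traced")
        return d, findings
    try:
        ip_address(d["peer_ip"])
    except ValueError:
        findings.append("bracketed address is not a valid IP")
        return d, findings
    helo_ip = dns.get(d["helo"].lower())
    if helo_ip is None:
        findings.append(f"HELO name {d['helo']} does not resolve")
    elif helo_ip != d["peer_ip"]:
        findings.append(
            f"HELO name {d['helo']} resolves to {helo_ip}, but the connection "
            f"came from {d['peer_ip']}: treat the name as forged"
        )
    if d["peer_rdns"] is None:
        findings.append("no reverse DNS recorded for the peer address")
    return d, findings


if __name__ == "__main__":
    for sample in (SAMPLE_RECEIVED, SAMPLE_RECEIVED_OK):
        fields, findings = check_received(sample)
        print(fields["helo"], fields["peer_ip"], "->", fields["by"],
              "running", fields["by_info"])
        for f in findings:
            print("  !", f)
```

The parser deliberately keeps the HELO name and the bracketed address in
separate fields: only the address is something the receiving MTA observed, so
that is the value to feed to whois, while a HELO name that resolves elsewhere
is just the sender's claim.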