Re: Finding out original source of e-mail

From: Alex Zbyslaw (xfb52_at_dial.pipex.com)
Date: 05/18/05

  • Next message: Jim Flowers: "milter-ahead on 5.4-RELEASE"
    Date: Wed, 18 May 2005 18:31:20 +0100
    To: jonvalverde@aol.com
    
    

    jonvalverde@aol.com wrote:

    >
    >OK....this might not be the right place to ask this question. But, I'm trying to find the true source of this e-mail.....is it possible to do this?
    >
    >
    >Received: from JonValverde@aol.com
    > by imo-d23.mx.aol.com (mail_out_v38_r1.7.) id t.144.45734b7c (16109)
    > for <Ashlee@wyomingcda.com>; Tue, 17 May 2005 15:29:57 -0400 (EDT)
    >Return-Path: <jonvalverde@aol.com>
    >Received: from FWM-D38 (fwm-d38.webmail.aol.com [205.188.162.14]) by
    >air-id12.mx.aol.com (vx) with ESMTP id MAILINID121-3eed428a4635111; Tue, 17 May
    >2005 15:29:57 -0400
    >
    >
    >Date: Tue, 17 May 2005 15:29:57 -0400
    >Message-Id: <8C7292DF1ACA2ED-B0C-44CA8@FWM-D38.sysops.aol.com>
    >From: jonvalverde@aol.com
    >References: <3320552738.123535@vega-club.rousse.spnet.net>
    >Received: from 204.214.222.51 by FWM-D38.sysops.aol.com (205.188.162.14) with
    >HTTP (WebMailUI); Tue, 17 May 2005 15:29:57 -0400
    >
    >X-Mailer: AOL WebMail 1.0.0.12281
    >

    This bit at the bottom is the transcript of the original email. Most
    bounce messages include it, some do not. There are too few hours in the
    day to shoot all the postmasters responsible for bounce messages which do
    not contain these original headers, but you are lucky and have them.

    The lines you care about are the "Received:" lines, and you have to read
    them backwards. That is, the line nearest the bottom is the first step
    in the mail delivery, and the top line is the last step in the delivery.

    Looking at the first received line shows that FWM-D38.sysops.aol.com
    received the email from 204.214.222.51. Usually you would expect to
    see a name associated with that address, but in this case there isn't.
    Trying

    # host -a 204.214.222.51
    rcode = 3 (Non-existent domain), ancount=0
    Host not found.

    shows that there is no reverse lookup info for this host. Most probably an
    AOL host given that it was sent using an AOL Webmail interface.

    My advice? Forget about it and throw it in the bin where it belongs.
    I've had half a dozen minimum this week. Some spammer is pretending to
    be you. The HTTP (WebMailUI) delivery method seems unusual; normally
    you would expect some zombie machine to be sending these with SMTP. But
    then again, I pay so little attention to these things these days that
    maybe this is not so unusual.

    --Alex

    PS See http://www.faqs.org/rfcs/rfc822.html

    _______________________________________________
    freebsd-questions@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-questions
    To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
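The header walk Alex describes, as an added example that is not part of the original thread: parse every "Received:" line of the quoted bounce, reverse the list so the oldest hop comes first, and pull out the "from" host, any IP addresses in that clause, the receiving host, the transport ("with ESMTP", "with HTTP") and the timestamp. The header block below is the transcript quoted above, re-typed as a constructed sample; the function names and the optional reverse-lookup helper are my own.

```python
"""Walk the Received: chain of a bounced message, oldest hop first.

Added illustration for the thread above; not the original poster's code.
"""
import re
import socket
from email import message_from_string

# Constructed sample: the header transcript quoted in the bounce, folded the
# way the original showed it (continuation lines start with whitespace).
BOUNCE_HEADERS = """\
Received: from JonValverde@aol.com
 by imo-d23.mx.aol.com (mail_out_v38_r1.7.) id t.144.45734b7c (16109)
 for <Ashlee@wyomingcda.com>; Tue, 17 May 2005 15:29:57 -0400 (EDT)
Return-Path: <jonvalverde@aol.com>
Received: from FWM-D38 (fwm-d38.webmail.aol.com [205.188.162.14]) by
 air-id12.mx.aol.com (vx) with ESMTP id MAILINID121-3eed428a4635111; Tue, 17 May
 2005 15:29:57 -0400
Date: Tue, 17 May 2005 15:29:57 -0400
Message-Id: <8C7292DF1ACA2ED-B0C-44CA8@FWM-D38.sysops.aol.com>
From: jonvalverde@aol.com
References: <3320552738.123535@vega-club.rousse.spnet.net>
Received: from 204.214.222.51 by FWM-D38.sysops.aol.com (205.188.162.14) with
 HTTP (WebMailUI); Tue, 17 May 2005 15:29:57 -0400
X-Mailer: AOL WebMail 1.0.0.12281
"""

# "from <host> [(comment)] by <host>" as laid out in RFC 822 / RFC 2822 trace fields.
HOP_RE = re.compile(
    r"^from\s+(?P<frm>\S+)(?:\s+\((?P<cmt>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I
)
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
WITH_RE = re.compile(r"\bwith\s+(\S+)", re.I)


def delivery_chain(raw_headers):
    """Return one dict per Received: header, ordered as the mail travelled.

    Headers are prepended by each MTA, so the last Received: in the block is
    the first hop; reversing get_all() gives delivery order.
    """
    msg = message_from_string(raw_headers)
    hops = []
    for received in reversed(msg.get_all("Received", [])):
        text = re.sub(r"\s+", " ", received).strip()  # unfold continuation lines
        m = HOP_RE.match(text)
        if not m:
            hops.append({"raw": text})  # keep unparseable trace lines visible
            continue
        from_part = text[: m.start("by")]  # only the sending side's clause
        with_m = WITH_RE.search(text)
        hops.append({
            "from": m.group("frm"),
            "from_comment": m.group("cmt"),
            "from_ips": IP_RE.findall(from_part),
            "by": m.group("by"),
            "with": with_m.group(1) if with_m else None,
            "timestamp": text.rsplit(";", 1)[1].strip() if ";" in text else None,
        })
    return hops


def originating_hop(raw_headers):
    """The first hop: where the message entered the mail system."""
    return delivery_chain(raw_headers)[0]


def reverse_lookup(ip):
    """PTR name for ip, or None when there is none (what `host -a` reported).

    Network call; not exercised offline.
    """
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror / socket.gaierror
        return None


if __name__ == "__main__":
    for n, hop in enumerate(delivery_chain(BOUNCE_HEADERS), 1):
        print(n, hop)
    first = originating_hop(BOUNCE_HEADERS)
    for ip in first["from_ips"]:
        print("origin", ip, "PTR:", reverse_lookup(ip))
```

Two caveats for reading the output. Only the Received: lines stamped by hosts you trust (here the AOL servers) are reliable; anything below them could have been written by the sender, so the first hop should be read as "what AOL saw", not as proven fact. And the bottom hop is "with HTTP (WebMailUI)": the 204.214.222.51 in it is the browser client address the webmail front end recorded, not an SMTP peer, which is why the thread finds it unusual compared with the SMTP hops a zombie would leave.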