Who do you trust is the question. The first line shows that a machine calling itself 169.139.15.251 (Call it "B") connected to your mailhost ("A"), but your mailhost saw its IP address was 210.91.16.8. If you own machine B, or if it's your trusted ISP, that's fine. Otherwise it was just a spammer at 210.91.168.8 trying to cover his tracks.
The next line after that points to 157.124.218.229. If you trust machine B to resolve the address correctly, that's where you should look. But if you don't it is likely misdirection - a forged header. 210.91.168.8 has a lot of listings in http://rbls.org. If it isn't the spammer, the owner has a lot of problems. 157.124.218.229 has no listings of significance. -- be - MOS Nothing can be done in one trip. --Snider > -----Original Message----- > From: Jose Manzano [mailto:[EMAIL PROTECTED] > Sent: Wednesday, August 06, 2003 9:05 AM > To: Exchange Discussions > Subject: Internet Header Question > > > Hello Group, > > I have a question about the Internet headers of an Email. > If one looks at > this Spam Email Header ---- > --------------------------------------------------------------------- > Received: from 169.139.15.251 (210.91.16.8 [210.91.16.8]) by > mail.wpbpl.com with SMTP (Microsoft Exchange Internet Mail > Service Version > 5.5.2656.59) > id PYC9TG9D; Wed, 6 Aug 2003 07:22:09 -0400 > Received: from [157.124.218.229] by 169.139.15.251 with SMTP; > Wed, 06 Aug > 2003 15:21:11 +0600 > Message-ID: <[EMAIL PROTECTED]> > From: "Beckie Yaung" <[EMAIL PROTECTED]> > Reply-To: "Beckie Yaung" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: my pictures are ready now > Date: Wed, 06 Aug 2003 15:21:11 +0600 > X-Mailer: Microsoft Outlook Express 5.50.4522.1200 > MIME-Version: 1.0 > Content-Type: multipart/alternative; > boundary="F11140.F0BB5D4" > X-Priority: 1 > --F11140.F0BB5D4 > Content-Type: text/html; > Content-Transfer-Encoding: quoted-printable > > --F11140.F0BB5D4-- > > ---------------------------------------------------------------------- > > > Would the spam be coming from the 210.91.16.8, > 169.139.15.251, or the > 157.124.218.229 IP? > > _________________________________________________________________ > List posting FAQ: http://www.swinc.com/resource/exch_faq.htm > Web Interface: > http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&t ext_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED] _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Web Interface: http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]