Who do you trust is the question.

The first line shows that a machine calling itself 169.139.15.251 (Call
it "B") connected to your mailhost ("A"), but your mailhost saw its IP
address was 210.91.16.8. If you own machine B, or if it's your trusted
ISP, that's fine. Otherwise it was just a spammer at 210.91.168.8 trying
to cover his tracks.

The next line after that points to 157.124.218.229. If you trust machine
B to resolve the address correctly, that's where you should look. But if
you don't, it is likely misdirection - a forged header.

210.91.168.8 has a lot of listings in http://rbls.org. If it isn't the
spammer, the owner has a lot of problems. 157.124.218.229 has no
listings of significance.

-- 
be - MOS

Nothing can be done in one trip.  --Snider


> -----Original Message-----
> From: Jose Manzano [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 06, 2003 9:05 AM
> To: Exchange Discussions
> Subject: Internet Header Question
> 
> 
>  Hello Group,
> 
>    I have a question about the Internet headers of an Email. If one
> looks at this Spam Email Header ----
> ---------------------------------------------------------------------
> Received: from 169.139.15.251 (210.91.16.8 [210.91.16.8]) by mail.wpbpl.com
>       with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2656.59)
>       id PYC9TG9D; Wed, 6 Aug 2003 07:22:09 -0400
> Received: from [157.124.218.229] by 169.139.15.251 with SMTP;
>       Wed, 06 Aug 2003 15:21:11 +0600
> Message-ID: <[EMAIL PROTECTED]>
> From: "Beckie Yaung" <[EMAIL PROTECTED]>
> Reply-To: "Beckie Yaung" <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Re: my pictures are ready now
> Date: Wed, 06 Aug 2003 15:21:11 +0600
> X-Mailer: Microsoft Outlook Express 5.50.4522.1200
> MIME-Version: 1.0
> Content-Type: multipart/alternative;
>       boundary="F11140.F0BB5D4"
> X-Priority: 1
> --F11140.F0BB5D4
> Content-Type: text/html;
> Content-Transfer-Encoding: quoted-printable
> 
> --F11140.F0BB5D4--
> 
> ----------------------------------------------------------------------
> 
> 
>    Would the spam be coming from the 210.91.16.8, 169.139.15.251, or
> the 157.124.218.229 IP?
> 
> _________________________________________________________________
> List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> Web Interface:          http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> To unsubscribe:         mailto:[EMAIL PROTECTED]
> Exchange List admin:    [EMAIL PROTECTED]
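
The trust rule discussed in this thread, as an added example that is not part of either message: only the peer IP recorded by a relay you operate is treated as observed, and every hop below it is treated as a claim. It assumes mail.wpbpl.com is the only trusted relay and that Received lines follow the layout of the quoted header; SAMPLE is constructed from that header.

```python
import ipaddress
import re
from email import message_from_string

# Constructed from the header quoted in the thread, with folded lines restored.
SAMPLE = (
    "Received: from 169.139.15.251 (210.91.16.8 [210.91.16.8]) by mail.wpbpl.com\n"
    "\twith SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2656.59)\n"
    "\tid PYC9TG9D; Wed, 6 Aug 2003 07:22:09 -0400\n"
    "Received: from [157.124.218.229] by 169.139.15.251 with SMTP;\n"
    "\tWed, 06 Aug 2003 15:21:11 +0600\n"
    "Subject: Re: my pictures are ready now\n\n"
)
TRUSTED_HOSTS = {"mail.wpbpl.com"}  # assumption: the only relay the recipient runs

# "from <HELO name> (<rDNS> [<peer IP>]) by <recording host>"; the parenthesised
# part is added by the recording host, the HELO name is supplied by the sender.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?:[^\s\[\]()]+\s+)?\[(?P<peer>[0-9A-Fa-f.:]+)\]\))?"
    r"\s+by\s+(?P<by>\S+)", re.IGNORECASE)

def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def trace_origin(raw_message, trusted=TRUSTED_HOSTS):
    """Split Received hops into what a trusted relay observed and what was only claimed."""
    result = {"verified_peer": None, "helo_claimed": None,
              "helo_mismatch": False, "unverified_claims": []}
    in_trusted_chain = True
    for value in message_from_string(raw_message).get_all("Received", []):  # newest first
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold continuation lines
        if m is None:
            in_trusted_chain = False  # unparseable hop: trust nothing below it
            continue
        helo = m["helo"].strip("[]")
        if in_trusted_chain and m["by"].lower() in trusted:
            result["verified_peer"] = m["peer"]
            result["helo_claimed"] = helo
            # An IP-literal HELO that differs from the observed peer was not truthful.
            result["helo_mismatch"] = bool(m["peer"]) and _is_ip(helo) and helo != m["peer"]
        else:
            in_trusted_chain = False
            result["unverified_claims"].append(helo)
    return result

if __name__ == "__main__":
    print(trace_origin(SAMPLE))
```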

