>One more thing about this. Isn't this IP below - [140.247.165.200] - the IP
>of the orginating email?
yes
> >10:20 18:17 SMTPD(BF1F0112) [140.247.165.200] MAIL FROM:<[EMAIL PROTECTED]>
> >10:20 18:17 SMTPD(BF1F0112) [140.247.165.200] RCPT TO:<[EMAIL PROTECTED]>
> >10:20 18:17 SMTPD(BF1F0112) [140.247.165.200] ERR www.lookwww.com invalid
> >user <[EMAIL PROTECTED]
>
>
>If this email originated on our server,
it doesn't, apparently
>say the customer's coldfusion pages sent the email, wouldn't the IP
>number be our IP number? Am I right on that?
yes
>I just want to make sure that this email isn't being generated on our
>server.
if he's not spoofing the ip:
# dig -x 140.247.165.200
; <<>> DiG 8.2 <<>> -x
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUERY SECTION:
;; 200.165.247.140.in-addr.arpa, type = ANY, class = IN
;; ANSWER SECTION:
200.165.247.140.in-addr.arpa. 3H IN PTR roam165-200.student.harvard.edu.
;; AUTHORITY SECTION:
247.140.in-addr.arpa. 3H IN NS ns.harvard.edu.
247.140.in-addr.arpa. 3H IN NS ns1.harvard.edu.
247.140.in-addr.arpa. 3H IN NS ns2.harvard.edu.
;; ADDITIONAL SECTION:
ns.harvard.edu. 3H IN A 128.103.201.100
ns1.harvard.edu. 3H IN A 128.103.200.101
ns2.harvard.edu. 3H IN A 128.103.1.1
Len
http://BIND8NT.MEIway.com: ISC BIND 8.2.2 p5 & 8.2.3 T6B for NT4 & W2K
http://IMGate.MEIway.com: Build free, hi-perf, anti-spam mail gateways
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
