Title: internet email header question
Allen, go to www.samspade.org and download Sam Spade for
Windows. It's a great utility that will help you track info in headers,
etc. FYI, it won't work if you're inside a Proxy, but you can run it on
the Proxy server and it will work then.
Good
luck.
-MichèleImmigration site: http://LadySun1969.tripod.com The
Miata: http://members.cardomain.com/bpituley
Tiggercam: http://www.tiggercam.co.uk
- I'm Out of
Estrogen And I Have A Gun
-
-Original Message-From: Allen Crawford
[mailto:[EMAIL PROTECTED]]Sent: Friday, December 14, 2001 8:10
AMTo: MS-Exchange Admin IssuesSubject: internet email
header question
I often get confused when looking at these headers and I was
wondering if anyone could help describe exactly what this means to me. I'm
trying to determine where the source of the spam is coming from on this
particular email. The part that is confusing me is where it is received by
two different servers, first by my server (noelani.mailcode.com) from
server2000.kunchien.idv.tw and then again by that server from
mailin-01.mx.aol.com. Even on legitimate email messages it usually has two
received by lines (like my bottom example), but that makes more sense to me
since my server has the later date/time stamp, unlike the first example.
Unless I'm reading the data/time wrong. If anyone can explain it to me
that would be great (either online or offline) and/or point me in the right
direction to figure it out myself. Thanks a lot.
FIRST HEADER
Received: from server2000.kunchien.idv.tw
(61-219-228-138.HINET-IP.hinet.net [61.219.228.138]) by noelani.mailcode.com
with SMTP (Microsoft Exchange Internet Mail Service Version
5.5.2653.13)
id YYVQL2HY; Fri, 14
Dec 2001 07:10:14 -0500 Received: from
mailin-01.mx.aol.com ([209.31.211.115]) by server2000.kunchien.idv.tw with
Microsoft SMTPSVC(5.0.2195.1600);
Fri, 14 Dec
2001 20:11:44 +0800 Message-ID:
63f07644$38ec$[EMAIL PROTECTED] To:
[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED],[EMAIL PROTECTED]
Cc: [EMAIL PROTECTED],
[EMAIL PROTECTED],
[EMAIL PROTECTED],
[EMAIL PROTECTED],
[EMAIL PROTECTED] From:
[EMAIL PROTECTED] Subject: Isn't It Time You Solved
Your "little"
Problem?
29102 Date: Fri, 14 Dec 2001 04:19:13 -2000
MIME-Version: 1.0 Content-Type:
text/plain; charset="Windows-1252" Content-Transfer-Encoding:
7bit Reply-To: [EMAIL PROTECTED] X-Mailer:: Internet Mail Service (5.5.2650.21) Return-Path: [EMAIL PROTECTED] X-OriginalArrivalTime: 14 Dec 2001 12:11:45.0699 (UTC)
FILETIME=[7FCAFF30:01C18498]
SECOND HEADER
Received: from uuout11smtp2.uu.flonetwork.com ([205.150.6.42])
by noelani.mailcode.com with SMTP (Microsoft Exchange Internet Mail Service
Version 5.5.2653.13)
id YYVQL2C8; Fri, 14
Dec 2001 00:31:25 -0500 Received: from uucore10pumper1
(uuout11relay1.uu.flonetwork.com [172.20.71.10])
by
uuout11smtp2.uu.flonetwork.com (Postfix) with SMTP id 3991E24EED
for
[EMAIL PROTECTED]; Fri, 14 Dec 2001 00:24:19 -0500 (EST)
Message-Id:
[EMAIL PROTECTED] From: eWEEK News [EMAIL PROTECTED]
To: [EMAIL PROTECTED] Subject: OS
Flaw Opens Systems to Remote Attackers MIME-Version:
1.0 Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit Date:
Fri, 14 Dec 2001 00:24:19 -0500 (EST)