On 5/3/04 at 11:21, David Haney wrote:
> Anyone,
>
> There are 2 IP in the header. I assume the first one is the one SIMS
> recognizes and the one that I add to the blacklist
Correct. It's the IP address or the connection that your server received.
> but what does the 2nd one mean and what is HELO in front of it?
The info enclosed in parentheses -- (HELO 205.179.78.80) -- is what the
sending MTA sent to your server as its SMTP HELO (part of the SMTP
conversation). Essentially, the remote server is claiming to be
205.179.78.80, which is your mail server (mail.davidhaney.com). Your
server, of course, knows that's not true, but lame spamware still tries to
get away with it. SIMS can't reject messages based on bad HELO/EHLO
arguments, but it does note the HELO in its the received headers, valid or
not.
> ********
> Return-Path: [EMAIL PROTECTED]
> Received: from [61.100.149.11] (HELO 205.179.78.80) by davidhaney.com
> (Stalker SMTP Server 1.8b8) with SMTP id S.0000137147 for
> <[EMAIL PROTECTED]>; Sun, 02 May 2004 22:56:19 -0700
> ********
--
Christopher Bort | [EMAIL PROTECTED]
Webmaster, Global Homes | [EMAIL PROTECTED]
<http://www.globalhomes.com/>
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
