Re: [Exim] Hiding Source IP in RFC 822 Mail headers

Author: David Woodhouse
Date:  
To: Kevin P. Fleming
CC: exim-users
Subject: Re: [Exim] Hiding Source IP in RFC 822 Mail headers
kpfleming@??? said:
> You can't rely on anything in the Received: headers at all,
> realistically speaking. Any MUA can create any set of Received:
> headers it wants (including none at all), and nothing ever "verifies"
> them.

Well, sort of. The MUA sending a mail can't (seriously) affect the Received
headers added by MTAs through which the mail subsequently passes. So you can
trust the Received: headers all the way back to the first (chronologically
speaking) _trustworthy_ host through which the mail passed. The one before
that is probably at least partly at fault -- either it's an open relay or
one of its 'legitimate' users sent the offending mail.

Sometimes it's not easy to see where the real Received headers end and the
(faked ones if any) start, but it's usually not too hard. In the case of the
mail you received -- presumably you trust the header added by your own box
'mail.natelnetwork.com' ? So the mail really did come from
imo-m04.mx.aol.com, and we can probably trust the previous Received header
too. It looks like it really was sent by an AOL user, at first glance.

I suspect the reason there's no originating IP on that second Received
header is that AOL's internal network is _weird_.

--
dwmw2