Re[2]: [Exim] Hiding Source IP in RFC 822 Mail headers

Top Page
Delete this message
Reply to this message
Author: Jason Ostrom
Date:  
To: exim-users
Subject: Re[2]: [Exim] Hiding Source IP in RFC 822 Mail headers
I can understand and appreciate what Kevin has said in regards to
trust and the fact that it isn't transitive.

I do trust my Exim logfiles and believe this came from
imo-mo4.mx.aol.com.

I'm glad you mentioned what you said, David, about AOL's internal
network. I looked closer at a couple of other headers received from
AOL users and employees, and I noticed that whenever "mail_out_v34.13"
is the MUA in the headers, the Source IP appears to be missing.

With this particular abuser, they also used "mail_out_v34.13". So
maybe it is safe to assume that this MUA removes the source IP, and
the abuser isn't as smart as I thought they were?

Regardless, I think AOL should be responsible for this person,
assuming that I am to trust the headers. I have already notified
their Unsolicited Email Internet Abuse Team. I look forward to seeing
what they have to say.

David/Kevin, thanks for your insight.

> kpfleming@??? said:
>> You can't rely on anything in the Received: headers at all,
>> realistically speaking. Any MUA can create any set of Received:
>> headers it wants (including none at all), and nothing ever "verifies"
>> them.


David Woodhouse> I suspect the reason there's no originating IP on that second Received
David Woodhouse> header because AOL's internal network is _weird_.