Author: Jason Ostrom
Date:
To: exim-users
Subject: Re[2]: [Exim] Hiding Source IP in RFC 822 Mail headers

I can understand and appreciate what Kevin has said with regard to
trust and the fact that it isn't transitive.

I do trust my Exim logfiles and believe this came from
imo-mo4.mx.aol.com.

I'm glad you mentioned what you said, David, about AOL's internal
network. I looked closer at a couple of other headers received from
AOL users and employees, and I noticed that whenever "mail_out_v34.13"
is the MUA in the headers, the Source IP appears to be missing.

With this particular abuser, they also used "mail_out_v34.13". So
maybe it is safe to assume that this MUA removes the source IP, and
the abuser isn't as smart as I thought they were?

Regardless, I think AOL should be responsible for this person,
assuming that I am to trust the headers. I have already notified
their Unsolicited Email Internet Abuse Team. I look forward to seeing
what they have to say.

David/Kevin, thanks for your insight.

> kpfleming@??? said:
>> You can't rely on anything in the Received: headers at all,
>> realistically speaking. Any MUA can create any set of Received:
>> headers it wants (including none at all), and nothing ever "verifies"
>> them.
David Woodhouse> I suspect the reason there's no originating IP on that second Received
David Woodhouse> header is because AOL's internal network is _weird_.
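
The trust boundary discussed in this thread, as an added example that is not code from any poster or from Exim: it walks a message's Received: headers from the top, treats only those stamped by your own MTA in an unbroken chain as verified, and shows which hops carry no source IP. The hostnames, addresses, function names and the `my_relay_ips` parameter are assumptions made for the illustration, and the sample message is constructed.

```python
import re
from email import message_from_string

# Constructed sample: hosts and addresses are placeholders (documentation
# ranges); only the "mail_out_v34.13" token is taken from the thread.
# The third header is a sender-supplied line that claims our own hostname.
SAMPLE = """\
Received: from imo.example.net (imo.example.net [192.0.2.25])
\tby mail.example.org with esmtp (Exim) id 17abcd-0001; Mon, 1 Jan 2001 10:00:00 +0000
Received: from user@example.net
\tby imo.example.net (mail_out_v34.13.) id x.12.3456; Mon, 1 Jan 2001 04:59:58 -0500
Received: from bank.example ([203.0.113.7])
\tby mail.example.org; Mon, 1 Jan 2001 04:00:00 -0500
From: user@example.net
Subject: test

body
"""

PEER_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([^\s;]+)", re.I)

def analyse_received(raw, my_hosts, my_relay_ips=frozenset()):
    """Return one dict per Received: header, newest (topmost) first."""
    hops = []
    chain_ok = True  # True while every header so far was written by us
    for value in message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        by = BY_HOST.search(flat)
        ip = PEER_IP.search(flat)
        hop = {"by": by.group(1).lower() if by else None,
               "peer_ip": ip.group(1) if ip else None}
        # Verified only if our own MTA stamped it and the chain is unbroken.
        hop["trusted"] = chain_ok and hop["by"] in my_hosts
        # The next header down is ours only if this peer was our own relay.
        chain_ok = hop["trusted"] and hop["peer_ip"] in my_relay_ips
        hops.append(hop)
    return hops

def last_verified_peer(hops):
    """Peer IP recorded by the deepest header our own servers wrote."""
    trusted = [h for h in hops if h["trusted"]]
    return trusted[-1]["peer_ip"] if trusted else None

if __name__ == "__main__":
    for h in analyse_received(SAMPLE, {"mail.example.org"}):
        print(h)
```

The address returned by `last_verified_peer` is the one to match against your own MTA's logs and to quote in an abuse report; everything below that hop is a claim made by the sending side.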