Re[2]: [Exim] Hiding Source IP in RFC 822 Mail headers

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MDavid Woodhouse at <-
MKevin P. Fleming at ->
Delete this message
Reply to this message
Author: Jason Ostrom
Date:  
To: exim-users
Subject: Re[2]: [Exim] Hiding Source IP in RFC 822 Mail headers
I can understand and appreciate what Kevin has said in regards to
trust and the fact that it isn't transitive.

I do trust my Exim logfiles and believe this came from
imo-mo4.mx.aol.com.

I'm glad you mentioned what you said, David, about AOL's internal
network. I looked closer at a couple of other headers received from
AOL users and employees, and I noticed that whenever "mail_out_v34.13"
is the MUA in the headers, the Source IP appears to be missing.

With this particular abuser, they also used "mail_out_v34.13". So
maybe it is safe to assume that this MUA removes the source IP, and
the abuser isn't as smart as I thought they were?

Regardless, I think AOL should be responsible for this person,
assuming that I am to trust the headers. I have already notified
their Unsolicited Email Internet Abuse Team. I look forward to seeing
what they have to say.

David/Kevin, thanks for your insight.

> kpfleming@??? said:
>> You can't rely on anything in the Received: headers at all,
>> realistically speaking. Any MUA can create any set of Received:
>> headers it wants (including none at all), and nothing ever "verifies"
>> them.

David Woodhouse> I suspect the reason there's no originating IP on that second Received
David Woodhouse> header because AOL's internal network is _weird_.



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [Exim] malformed debug_selector setting: + or - expected but found "11"[Exim] Playing with SMTP AUTH & CRAM-MD5->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)