Re: [Exim] Hiding Source IP in RFC 822 Mail headers

Top Page

Reply to this message
Author: Kevin P. Fleming
Date:  
CC: exim-users
Subject: Re: [Exim] Hiding Source IP in RFC 822 Mail headers
Jason Ostrom wrote:

> With this particular abuser, they also used "mail_out_v34.13". So
> maybe it is safe to assume that this MUA removes the source IP, and
> the abuser isn't as smart as I thought they were?
>


If this is really an MUA, it will never see the Received header. If this
is actually the first-hop MTA (more likely), the situation is just that
the Received header that it adds never _had_ the source IP. I don't
think anyone along this path is _removing_ the source IP, it was just
never added.

Understand that any MTA can format its Received header (or not add one
at all) in any format it chooses. So, most likely there's nothing weird
going on here in terms of anyone modifying headers or hiding them or
such, this particular message path just doesn't generate an initial
Received headed with any IP addresses in it.