Re: [Exim] Hiding Source IP in RFC 822 Mail headers

Author: Suresh Ramasubramanian
Date:  
To: Jason Ostrom
CC: exim-users
Subject: Re: [Exim] Hiding Source IP in RFC 822 Mail headers
Jason Ostrom <justiceguy@???> writes:

> For example, just today we received an unsolicited, malicious email
> from what appears to be an AOL subscriber. In the expanded headers,

Yes - it is from an AOL subscriber.

> pasted below, it appears that the sender has somehow hidden the source
> IP. I don't think this is the W32/Bugbear malicious code, it looks

AOL's mail software doesn't log source IPs - but you can be reasonably
sure that the address BLACKSMURF134@??? is valid.

> Received: from [64.12.136.7] (helo=imo-m04.mx.aol.com)


That IP does reverse-resolve to imo-m04.mx.aol.com - and the rest of the
headers are consistent with an AOL user using AOL's mail software to
send out mail.

Send this with full headers to TOSEMAIL1@???

        -srs
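The check Suresh describes above (does the bracketed IP in the Exim `Received:` line reverse-resolve to the name given in `helo=`, and does that name resolve back to the same IP) can be scripted. The following is an added example written for this archive page, not code from the thread or from Exim. The lookup tables `STUB_PTR` and `STUB_A` are constructed so the example runs offline; the first entry reproduces what the reply reports for 64.12.136.7, and the 192.0.2.x addresses are made-up documentation-range values. Pass `system_ptr` and `system_forward` instead to query real DNS.

```python
import re
import socket
from typing import Callable, Dict, List, Optional

# Matches the start of an Exim-style "Received:" header.  Exim writes
#   Received: from [64.12.136.7] (helo=imo-m04.mx.aol.com)
# when it did not resolve the peer itself, and
#   Received: from name.example ([192.0.2.10] helo=name.example)
# when it did.  Only IPv4 literals are handled in this example.
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+"
    r"(?:(?P<rdns>[^\s\[(]+)\s+)?"                 # name Exim resolved at receipt, if any
    r"\(?\[(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]"      # bracketed peer IP
    r"(?:[^)]*?\bhelo=(?P<helo>[^\s)]+))?",        # helo= inside the parentheses, if any
    re.IGNORECASE,
)


def parse_received(line: str) -> Optional[dict]:
    """Return {'ip', 'helo', 'rdns'} for an Exim Received line, or None."""
    m = RECEIVED_RE.match(line.strip())
    if not m:
        return None
    return {"ip": m.group("ip"), "helo": m.group("helo"), "rdns": m.group("rdns")}


PtrLookup = Callable[[str], Optional[str]]   # ip -> PTR name (lower-cased) or None
ForwardLookup = Callable[[str], List[str]]   # name -> list of IPv4 addresses


def system_ptr(ip: str) -> Optional[str]:
    """Real PTR lookup via the system resolver."""
    try:
        return socket.gethostbyaddr(ip)[0].lower()
    except (socket.herror, socket.gaierror, OSError):
        return None


def system_forward(name: str) -> List[str]:
    """Real A lookup via the system resolver."""
    try:
        return sorted({r[4][0] for r in socket.getaddrinfo(name, None, socket.AF_INET)})
    except (socket.gaierror, OSError):
        return []


def check_received(line: str, ptr: PtrLookup = system_ptr,
                   forward: ForwardLookup = system_forward) -> dict:
    """Forward-confirmed reverse DNS check of one Received line.

    consistent : PTR of the IP equals the HELO name and resolves back to the IP
    mismatch   : a PTR exists but HELO differs or does not resolve back
    no-ptr     : the IP has no PTR record at all
    unparsed   : the line is not an Exim-style Received header
    """
    parsed = parse_received(line)
    if parsed is None:
        return {"verdict": "unparsed"}
    ip, helo = parsed["ip"], parsed["helo"]
    ptr_name = ptr(ip)
    helo_matches_ptr = bool(helo and ptr_name and helo.lower() == ptr_name.lower())
    forward_confirmed = bool(ptr_name) and ip in forward(ptr_name)
    if helo_matches_ptr and forward_confirmed:
        verdict = "consistent"
    elif ptr_name is None:
        verdict = "no-ptr"
    else:
        verdict = "mismatch"
    return {"verdict": verdict, "ip": ip, "helo": helo, "ptr": ptr_name,
            "forward_confirmed": forward_confirmed}


# Constructed lookup tables standing in for DNS so the example runs offline.
STUB_PTR: Dict[str, str] = {
    "64.12.136.7": "imo-m04.mx.aol.com",   # as reported in the thread
    "192.0.2.10": "host10.example.net",    # made-up documentation address
}
STUB_A: Dict[str, List[str]] = {
    "imo-m04.mx.aol.com": ["64.12.136.7"],
    "host10.example.net": ["192.0.2.10"],
}


def stub_ptr(ip: str) -> Optional[str]:
    return STUB_PTR.get(ip)


def stub_forward(name: str) -> List[str]:
    return STUB_A.get(name.lower(), [])


# Constructed sample lines: the first is the one quoted in the thread, the
# other two are made up to show a forged HELO and an IP with no PTR.
SAMPLE_HEADERS = [
    "Received: from [64.12.136.7] (helo=imo-m04.mx.aol.com)",
    "Received: from [192.0.2.10] (helo=imo-m04.mx.aol.com)",
    "Received: from [192.0.2.99] (helo=mail.example.org)",
]


def demo() -> List[str]:
    """Verdicts for SAMPLE_HEADERS using the stub resolver."""
    return [check_received(h, ptr=stub_ptr, forward=stub_forward)["verdict"]
            for h in SAMPLE_HEADERS]


if __name__ == "__main__":
    for header, verdict in zip(SAMPLE_HEADERS, demo()):
        print(f"{verdict:10s} {header}")
```

Only the topmost `Received:` line, the one your own Exim wrote when it accepted the connection, carries an IP you can trust; every line below it was supplied by the sender and can be forged, so run the check on the hop you control. Exim 4 can do the same test at SMTP time with the ACL conditions `verify = reverse_host_lookup` and `verify = helo` rather than after the fact.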