Steve Litt wrote:
> On Tuesday 22 March 2005 09:50 pm, Chad Perrin wrote:
>
>>Steve: Is this you?
>>
>>from dialup-4.238.20.110.dial1.orlando1.level3.net ([4.238.20.110]
>>helo=mydesk.domain.cxm) by pop-a065c10.pas.sa.earthlink.net with esmtp
>>(Exim 3.33 #1) id 1DDoez-00012z-00 for flalug@nks.net; Tue, 22 Mar 2005
>>11:03:25 -0800
>
>
> Abso-lutely! It's me, Steve Litt, AKA SteveT.
>
> I actually found flalug through you. Looking through the archives of another
> list, I asked myself, "who's this Chad Perrin who doesn't put up with a lot
> of *(*#$^ from the local troll". So I googled you, found you on flalug, liked
> flalug, and joined.
Wow. I'm flattered. I'm glad you made it to the party.
>>Instructions . . .
>>
>>Step 1: View email headers. (See above example of relevant data.)
>>
>>Step 2: Get data from headers that identify your target.
>
>
> That's my question. Which header identifies the SMTP server that sent the
> thing out, as opposed to the user that sent it out.
Basically, it tends to be the second header item (chronologically)
indicating message path. Generally, the first is the sender, and the
second is the SMTP server. There should be hints in the header entry
that indicate an ISP mail server, or something along those lines, is the
computer to which it's referring.
-- Chad [ CCD CopyWrite | http://ccd.apotheon.org ]
This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:22:04 EDT