Re: What the heck is going on?
From: George Hester (hesterloli_at_hotmail.com)
Date: 08/26/03
- Next message: John McGaw: "Re: Sobig virus version F"
- Previous message: Bill Sanderson: "Re: ** Sobig.F attack expected 3:00pm to 6:00pm EST today [Friday 22]"
- In reply to: George Hester: "What the heck is going on?"
- Next in thread: John McGaw: "Re: What the heck is going on?"
- Reply: John McGaw: "Re: What the heck is going on?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 25 Aug 2003 18:10:45 -0400
OK that one was pretty simple actually. They are not normally this simple.
Usually there are many Received from's. So if there are more then one do I
pick the one at the top of the list or at the bottom? Thanks. Actually to
me it is clearer seeing:
X-Originating-IP:
but I suppose not all Bouncers are created equal?
-- George Hester __________________________________ "George Hester" <hesterloli@hotmail.com> wrote in message news:#I9dkA0aDHA.3248@tk2msftngp13.phx.gbl... > I have received about 14 Non-deliverable messages in my Hotmail Inbox today. > All with a variety of email addresses I have never sent to and from Domains > I have never heard of. All telling me a virus I sent them caused the e-mail > to be non-deliverable. Some even include the virus in ASCII rendition of > the binary. > > So I sent a email using my Hotmail address to a location I knew did not > exist. I did this to see if my IP address was in the Non-deliverable > e-mail. And it was. But in these Non-deliverable virus emails they do not > include my IP address nor do they contain the SMTP header: > > X-Originating-IP: > > This makes it difficult determing what the IP address of the originating > email was that generated the non-delivery. Here is an example: > > X-Message-Info: JGTYoYF78jEHjJx36Oi8+YDSEg8qKPPD > Received: from agmay.LIQUIDWWW.COM ([64.246.50.15]) by > mc3-f34.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); > Mon, 25 Aug 2003 12:09:50 -0700 > Received: from mailnull by agmay.LIQUIDWWW.COM with local (Exim 4.20) > id 19rMiu-00076V-VB > for hesterloli@hotmail.com; Mon, 25 Aug 2003 14:09:52 -0500 > X-Failed-Recipients: agmay@agmay.com > From: Mail Delivery System <Mailer-Daemon@agmay.LIQUIDWWW.COM> > To: hesterloli@hotmail.com > Subject: Mail delivery failed: returning message to sender > Message-Id: <E19rMiu-00076V-VB@agmay.LIQUIDWWW.COM> > Date: Mon, 25 Aug 2003 14:09:52 -0500 > X-AntiAbuse: This header was added to track abuse, please include it with > any abuse report > X-AntiAbuse: Primary Hostname - agmay.LIQUIDWWW.COM > X-AntiAbuse: Original Domain - hotmail.com > X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] > X-AntiAbuse: Sender Address Domain - > Return-Path: <> > X-OriginalArrivalTime: 25 Aug 2003 19:09:51.0233 (UTC) > FILETIME=[75A2F710:01C36B3C] > > This message was created automatically by mail delivery software. > > A message that you sent could not be delivered to one or more of its > recipients. This is a permanent error. The following address(es) failed: > > agmay@agmay.com > This message has been rejected because it has > a potentially executable attachment "document_9446.pif" > This form of attachment has been used by > recent viruses or other malware. > If you meant to send this file then please > package it up as a zip file and resend it. > > ------ This is a copy of the message, including all the headers. ------ > > Return-path: <hesterloli@hotmail.com> > Received: from [212.235.64.119] (helo=P850) > by agmay.LIQUIDWWW.COM with esmtp (Exim 4.20) > id 19rMiX-000765-1l > for agmay@agmay.com; Mon, 25 Aug 2003 14:09:31 -0500 > From: <hesterloli@hotmail.com> > To: <agmay@agmay.com> > Subject: Re: Re: My details > Date: Mon, 25 Aug 2003 21:09:14 +0200 > X-MailScanner: Found to be clean > Importance: Normal > X-Mailer: Microsoft Outlook Express 6.00.2600.0000 > X-MSMail-Priority: Normal > X-Priority: 3 (Normal) > MIME-Version: 1.0 > Content-Type: multipart/mixed; > boundary="_NextPart_000_02CC0A5A" > Message-Id: <E19rMiX-000765-1l@agmay.LIQUIDWWW.COM> > > This is a multipart message in MIME format > > --_NextPart_000_02CC0A5A > Content-Type: text/plain; > charset="iso-8859-1" > Content-Transfer-Encoding: 7bit > > Please see the attached file for details. > --_NextPart_000_02CC0A5A > Content-Type: application/octet-stream; > name="document_9446.pif" > Content-Transfer-Encoding: base64 > Content-Disposition: attachment; > filename="document_9446.pif" > > Can anyone tell me where the: > > X-Originating-IP: > > is in these headers? Thanks. > > -- > George Hester > __________________________________ > >
- Next message: John McGaw: "Re: Sobig virus version F"
- Previous message: Bill Sanderson: "Re: ** Sobig.F attack expected 3:00pm to 6:00pm EST today [Friday 22]"
- In reply to: George Hester: "What the heck is going on?"
- Next in thread: John McGaw: "Re: What the heck is going on?"
- Reply: John McGaw: "Re: What the heck is going on?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
