Re: a question on email headers
On Tuesday 15 April 2003 02:34 am, Al Davis wrote:
> Received: from foo.bar.edu ([192.168.99.199])
> by my.computer.net with esmtp (Exim 3.35 #1 (Debian))
> id 195LgM-0001Yv-00
> for <email@example.com>; Tue, 15 Apr 2003 02:20:46
> Received: (from davialbe@localhost)
> by foo.bar.edu (8.11.6/8.11.6) id h3F8Lu930444
> for firstname.lastname@example.org; Tue, 15 Apr 2003 02:21:56
On Tuesday 15 April 2003 03:17 am, Alvin Oga wrote:
> given the info, i'd guess
> a. you sent from your davialbe acct
> b. you received on your foo.bar.edu acct
No. Received by email@example.com.
The second one was placed there by the sending system. I
realize that that one and any before it can be faked.
The first one was generated by mine. I know that the name
(foo.bar.edu) comes from the "HELO" command by the MTA, and it
could say anything there.
I suppose, as Anders said, that the IP number is almost
guaranteed to be valid. It is the address of the system that
logged into port 25. Thinking about it a little more... A
particular system would be on some subnet. If it claims to be
something completely different, it would be a different subnet,
and would be blocked.
So, it seems to me that it IS possible to claim to be a
different machine on the same subnet.
> am thinking, there should be another received line entry
> between these 2 headers unless you used your "laptop" to
> send email to your bar.edu acct from inside their lan
No. That's all. Only 2. The sending computer has its own MTA
and does not rely on a smart host. Both are directly on the
If there is a middle one, that could be faked.
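Added example, not part of the original message: a Python sketch of the trust split discussed above, run over the two Received lines quoted in the thread. It treats only the lines written by your own MTA as reliable and separates the self-reported HELO name from the peer IP that MTA recorded. The names `classify_hops`, `connecting_ip` and the `own_hops` parameter (how many MTAs you control in the delivery path) are assumptions made for illustration.

```python
import re
from email import message_from_string

# The two Received headers quoted in the thread, newest first; the Subject
# line and body are constructed so the sample parses as a message.
SAMPLE = (
    "Received: from foo.bar.edu ([192.168.99.199])\n"
    "\tby my.computer.net with esmtp (Exim 3.35 #1 (Debian))\n"
    "\tid 195LgM-0001Yv-00\n"
    "\tfor <email@example.com>; Tue, 15 Apr 2003 02:20:46\n"
    "Received: (from davialbe@localhost)\n"
    "\tby foo.bar.edu (8.11.6/8.11.6) id h3F8Lu930444\n"
    "\tfor firstname.lastname@example.org; Tue, 15 Apr 2003 02:21:56\n"
    "Subject: constructed test message\n"
    "\n"
    "body\n"
)

# "from <HELO name> (... [<peer IP>])": the name is whatever the client said,
# the bracketed address is what the receiving MTA saw on the socket.
FROM_RE = re.compile(r"\bfrom\s+(?P<helo>\S+)\s+\((?:[^()\[\]]*\s)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)")
BY_RE = re.compile(r"\bby\s+(?P<by>\S+)")

def classify_hops(raw, own_hops=1):
    """Return one dict per Received line; own_hops is an assumed count of
    MTAs you control, whose lines sit at the top because headers are prepended."""
    hops = []
    for index, value in enumerate(message_from_string(raw).get_all("Received", [])):
        flat = " ".join(value.split())          # undo header folding
        frm, by = FROM_RE.search(flat), BY_RE.search(flat)
        hops.append({
            "by": by.group("by") if by else None,
            "helo_claim": frm.group("helo") if frm else None,   # self-reported
            "peer_ip": frm.group("ip") if frm else None,        # seen by receiver
            "written_by_us": index < own_hops,
        })
    return hops

def connecting_ip(raw, own_hops=1):
    """IP of the host that connected to the outermost MTA you control."""
    hops = classify_hops(raw, own_hops)
    boundary = hops[own_hops - 1] if 0 < own_hops <= len(hops) else None
    return boundary["peer_ip"] if boundary else None

if __name__ == "__main__":
    for hop in classify_hops(SAMPLE):
        print(hop)
    print("connecting IP:", connecting_ip(SAMPLE))
```

Everything below the `own_hops` boundary, including any "by" host name it shows, is supplied by the sending side and is reported here without being trusted.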