On 12/23/20 8:54 PM, Tim via users wrote:
Just wondering if anybody can answer a question about email headers
from SMTP servers:
In a recent scam/spam, this is the first header line above the message
content (i.e. it *should* be the first system the mail went through in
the chain, in the normal way SMTP always worked).
Received: from [144.217.20.147] (ip147.ip-144-217-20.net [144.217.20.147])
by vEdge-AC1.cox.com (Postfix) with ESMTP id C3705179FEE;
Tue, 22 Dec 2020 23:47:06 -0500 (EST)
As far as I know, that IP can't be faked (it exists, the host names and
IP resolve in both directions, and it's a fair bet that the message did
go through it). Whois queries say it belongs to OVH Hosting, who are
prolific supporters of spamming.
But is that cox.com domain name something that's user-configurable text
that the spammer could fill in, or is that filled in by software out of
spammer's control?
That's out of the spammer's control, although they can put extra
received records at the start and I think I've seen that before.
As a FQDN it doesn't resolve (for me), and the TLD cox.com resolves to
completely different IPs.
Since that line is created by the receiving email server, it is likely
to be an internal name. What are the next couple of hops?
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
