I presume the following has a forged header, but I'm trying to determine the
logic of it so that I can visually detect them.
Received: (qmail 16498 invoked from network); 7 Jan 2003 10:50:02 -0000
Received: from unknown (HELO 218.252.28.15) (64.59.34.99)
by foma.pair.com with SMTP; 7 Jan 2003 10:50:02 -0000
Received: from unknown (170.127.231.172) by smtp013.mail.yahoo.com with local;
Jan, 07 2003 2:51:34 AM +0400
Received: from unknown (77.222.200.106) by rly-xw01.mx.aol.com with SMTP; Jan,
07 2003 1:52:32 AM +0300
Received: from [203.186.145.225] by hotmail.com (3.2) with ESMTP id
MHotMailBE7297E1009B400437E7CBBA91E10D0B0; Jan, 07 2003 12:55:41 AM +0700
If the header was legit, how would the 3rd received line look? Something
like :
Received: from unknown (HELO 218.252.28.15) (64.59.34.99) by
smtp013.mail.yahoo.com with local;
Jan, 07 2003 2:51:34 AM +0400
Showing a repeat of the previous link in the chain? Is it always so direct
and traceable by ip?
Jeff
~~~~~~~~~~~~
Jefferis Peterson, Pres.
Web Design and Marketing
http://www.PetersonSales.com
Tel . 724-458-7169
ICQ 19112253
"One man gives freely, yet grows all the richer; another withholds what he
should give, and only suffers lack." - Proverbs 11:24
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail