On 12/23/20 8:54 PM, Tim via users wrote:
Just wondering if anybody can answer a question about email headers from SMTP servers:In a recent scam/spam, this is the first header line above the message content (i.e. it *should* be the first system the mail went through in the chain, in the normal way SMTP always worked). Received: from [144.217.20.147] (ip147.ip-144-217-20.net [144.217.20.147]) by vEdge-AC1.cox.com (Postfix) with ESMTP id C3705179FEE; Tue, 22 Dec 2020 23:47:06 -0500 (EST) As far as I know, that IP can't be faked (it exists, the host names and IP resolve in both directions, and it's a fair bet that the message did go through it). Whois queries say it belongs to OVH Hosting, who are prolific supporters of spamming. But is that cox.com domain name something that's user-configurable text that the spammer could fill in, or is that filled in by software out of spammer's control?
That's out of the spammer's control, although they can put extra received records at the start and I think I've seen that before.
As a FQDN it doesn't resolve (for me), and the TLD cox.com resolves to completely different IPs.
Since that line is created by the receiving email server, it is likely to be an internal name. What are the next couple of hops?
_______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
