[108550] in North American Network Operators' Group


Re: UltraDNS mail admin around?

daemon@ATHENA.MIT.EDU (Chris Lewis)
Wed Oct 8 13:19:35 2008

Date: Wed, 08 Oct 2008 13:18:16 -0400
From: "Chris Lewis" <clewis@nortel.com>
CC: nanog@nanog.org
In-Reply-To: <48ECE2F7.4070208@psg.com>
Errors-To: nanog-bounces@nanog.org

Randy Bush wrote:
> Randy Bush wrote:
>> Andrey Gordon wrote:
>>> I'm getting bombarded by these
>>>
>>> Received: from 80.224.33.155.static.user.ono.com ([80.224.33.155])by
>>>     mxb2eqsj.ultradns.net with esmtp (Exim 4.43)id 1J7YZc-0007qU-4ifor
>>>     mason_johnn@i2c.com; Wed, 26 Dec 2007 15:53:36 +0000
>>> Message-ID: <000701c847d7$0379bd21$79a237a3@muffejda>
>>> From: "Handbags" <andrzej@myrealbox.com>
>>> To: "Replica Watches" <mason_johnn@i2c.com>

> was ultra really the next hop?

Either UltraDNS is Andrey's mail server, or he appears to have left out
his perimeter's Received line.  More likely the latter.  Without seeing
the final Received line, can't tell whether this really went thru UltraDNS.

Many BOTS forge headers.  It's not at all unusual to see:

Received: from a by b (b is my server)
Received: from c by d

where d != a.  Meaning the second Received line is entirely fabricated.
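
The check described in this message, as an added example that is not part of the original post: it walks the Received lines from the top and flags any line whose "by" host does not match the "from" host of the line above it. The sample message, the hostnames and the `my_servers` parameter are constructed for illustration, and the code assumes hosts can be compared as literal strings.

```python
import re
from email import message_from_string

# Constructed sample: the top Received line was added by our own server
# (mx.example.net); the line below it arrived as part of the message.
SAMPLE = """\
Received: from host-a.example.org ([192.0.2.55])
    by mx.example.net with esmtp id 1ABCDE-000001-00
    for user@example.net; Wed, 08 Oct 2008 13:00:02 +0000
Received: from host-c.example.com ([198.51.100.7])
    by host-d.example.com with esmtp id 1ABCDE-000000-00;
    Wed, 08 Oct 2008 13:00:00 +0000
From: "Sender" <sender@example.com>
To: user@example.net
Subject: constructed test message

body
"""

HOP_RE = re.compile(r"from\s+(\S+).*?\bby\s+(\S+)", re.I | re.S)

def received_hops(raw):
    """Return [(from_host, by_host), ...], newest hop first."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            hops.append((m.group(1).lower(), m.group(2).lower()))
        else:
            hops.append((None, None))  # unparseable line, treated as a break
    return hops

def chain_breaks(hops, my_servers):
    """Indexes of Received lines that do not connect to the hop above them."""
    # Only the top line can be trusted, and only if our own server wrote it.
    if not hops or hops[0][1] not in my_servers:
        raise ValueError("top Received line was not written by a known server")
    breaks = []
    for i in range(1, len(hops)):
        handed_from = hops[i - 1][0]  # "a": host the newer hop received from
        claimed_by = hops[i][1]       # "d": host claiming to have written this line
        if claimed_by is None or claimed_by != handed_from:
            breaks.append(i)
    return breaks
```

`chain_breaks` raises rather than guessing when the top line was not written by one of `my_servers`, which is the situation in the quoted headers where the perimeter's Received line is missing.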


