LSTOWN-L Archives

LISTSERV List Owners' Forum

"Edge, Ronald D" <[log in to unmask]>
Wed, 30 Jun 1999 09:07:53 -0500
I ran this through Sam Spade, a shareware piece of software
designed to help trace email by analysing the headers.
Here is what Sam had to say about these headers:

>>>>>>>>>>>>>>>>>> begin Sam Spade analysis
The Received: headers are the important ones to read

My comments are just hints, and should be considered only
an opinion. I may have guessed wrong, or things may have
changed since I was written

Received: from gatekeeper.ing.nl by publisher.ssrn.com
    (LSMTP for Windows NT          v1.1a) with SMTP id
    <[log in to unmask]>; Thu, 17 Jun 1999
    20:06:08 -0500
  This received header was added by your mailserver
  publisher.ssrn.com received this from someone claiming
  to be gatekeeper.ing.nl
  (publisher.ssrn.com doesn't record the senders IP
   address in any way I recognise, so it's impossible to be
   sure. All received headers after this one should be
   treated with suspicion)

Received: by ING-mailhub; id DAA20026; Fri, 18 Jun 1999
    03:07:02 +0100          (GMT+0100)
  ING-mailhub received this, but doesn't tell us
  where from.
  (Without a from parameter it's hard to verify later
   received headers. Treat with caution)


From: <[log in to unmask]>
Received: from somewhere by smtpxd
  smtpxd received this from someone claiming
  to be somewhere
  (smtpxd doesn't record the senders IP
   address in any way I recognise, so it's impossible to be
   sure. All received headers after this one should be
   treated with suspicion)


Mime-Version: 1.0
Date: Fri, 18 Jun 1999 03:04:06 +0100
Message-ID: <[log in to unmask]>
To: [log in to unmask]
Subject: unable to deliver mail
Content-Type: multipart/mixed;
    boundary="IMA.Boundary.6441769290"

--IMA.Boundary.6441769290
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
<<<<<<<<<<<<<<<<<<<< end Sam Spade analysis

You appear to be running LSMTP for Windows NT v1.1a
on your email server, and that may be part of your problem,
as Sam Spade suggests that your NT based equivalent of
sendmail is not recording the originating IP of the email.

You need to have your technicians look into this issue,
as it will make it very hard for you to analyze the received
headers of email at your email server. In addition, this may
also point to other possible weaknesses in your system, e.g.
is it nailed down to prevent external relay by spammers?

ing.nl is implicated by domain name, and here is the RIPE
database entry for that domain. Try contacting some of the
addresses here:

>>>>>>>>>>
Whois ing.nl

% Rights restricted by copyright. See
<http://www.ripe.net/db/dbcopyright.html>

domain:      ing.nl
descr:       see remarks
admin-c:     see remarks
tech-c:      see remarks
zone-c:      not maintained
remarks:     For complete information use the command:
remarks:     whois -h domain-registry.nl ing.nl
mnt-by:      NL-DOMREG
changed:     [log in to unmask] 19950821
source:      RIPE

person:      See Remarks
address:     Postbus 9035
address:     6800 ET Arnhem
address:     The Netherlands
phone:       +31 26 3563567
nic-hdl:     SR1314-RIPE
changed:     [log in to unmask] 19981202
source:      RIPE

person:      not maintained
address:     the person without a name
phone:       +31 26 3563567
e-mail:      [log in to unmask]
nic-hdl:     ARGH
remarks:     this is a placeholder which should have been
remarks:     inserted by domain-registry.nl long ago? dunno.
changed:     [log in to unmask] 19990509
source:      RIPE
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<,,


Ron.

* Ronald D. Edge    Manager of Information Systems
* Indiana University Intercollegiate Athletics  1001 East 17th St
* Bloomington, IN 47408-1590 vox: 812-855-4978  fax: 812-855-0448
* [log in to unmask]  http://www.athletics.indiana.edu/

Someday we'll look back on all this and plow into a parked car.


> -----Original Message-----
> From: Sherry Beauchamp [SMTP:[log in to unmask]]
> Sent: Tuesday, June 29, 1999 6:22 PM
> To:   [log in to unmask]
> Subject:      Help!
>
> Can anyone give me any ideas on tracking down this bounce?  We have no
> subscribers at gatekeeper.ing.nl, ima.rsc1.ing-int or surfnet.nl, and mail
> to both root and postmaster at each of those domains also bounces.  I'm
> totally at a loss ...
>
> Sherry Beauchamp
>
> >>>The enclosed mail file has been  identified as a delivery error for
> list
> >>>ERN-SUPER because it was sent to the reserved 'owner-ern-super'
> mailbox.
> >>>
> >>>------------------------------ Message in error
> >>>-------------------------------
> >>>Received: from gatekeeper.ing.nl by publisher.ssrn.com (LSMTP for
> Windows NT
> >>>          v1.1a) with SMTP id <[log in to unmask]>; Thu, 17
> >>>Jun 1999
> >>>          20:06:08 -0500
> >>>Received: by ING-mailhub; id DAA20026; Fri, 18 Jun 1999 03:07:02 +0100
> >>>          (GMT+0100)
> >>>From: <[log in to unmask]>
> >>>Received: from somewhere by smtpxd
> >>>Mime-Version: 1.0
> >>>Date: Fri, 18 Jun 1999 03:04:06 +0100
> >>>Message-ID: <[log in to unmask]>
> >>>To: [log in to unmask]
> >>>Subject: unable to deliver mail
> >>>Content-Type: multipart/mixed; boundary="IMA.Boundary.6441769290"
> >>>
> >>>--IMA.Boundary.6441769290
> >>>Content-Type: text/plain
> >>>Content-Transfer-Encoding: 7bit
> >>>
> >>>This message was returned to you for the following reasons:
> >>>
> >>>    AttachOtherMessage: tempnam failed.
> >>>
> >>>The original message follows.
> >>>
> >>>--IMA.Boundary.6441769290
> >>>Content-type: message/rfc822
> >>>
> >>>Received: from gatekeeper.ing.nl ([57.192.187.194]) by ima.rsc1.ing-int
> >>>with SMTP
> >>>  (IMA Internet Exchange 3.11) id 0000A3CD; Fri, 18 Jun 1999 03:04:01
> +0100
> >>>Received: by ING-mailhub; id DAA17667; Fri, 18 Jun 1999 03:06:56 +0100
> >>>(GMT+0100)
> >>>Message-Id: <[log in to unmask]>
> >>>Received: from listserv-mail.surfnet.nl by gatekeeper.ing.nl (smtpxd);
> >>>id XA21942
> >>>Received: from listserv-mail (listserv-mail.surfnet.nl) by
> >>>listserv-mail.surfnet.nl (LSMTP for Windows NT v1.1b) with SMTP id
> >>><[log in to unmask]>; Fri, 18 Jun 1999 3:07:26 +0200
> >>>Date:         Thu, 17 Jun 1999 08:17:19 -0800
> >>>Reply-To: [log in to unmask]
> >>>Sender: Economics Research Network <[log in to unmask]>
> >>>From: Economics Research Network <[log in to unmask]>
> >>>Subject:      ERN Professional Announcements and Job Openings,
> 06/17/1999
> >>>To: [log in to unmask]
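
Added example (not part of the original post, and not Sam Spade's own logic): the check described in the analysis above, walking the Received headers newest-first and flagging every header that sits below a hop which recorded no peer IP. The sample is constructed from the headers quoted in this message; the function and field names are assumptions.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: three outer Received headers of the bounce plus one from
# the embedded original, with the archive's "[log in to unmask]" redaction kept.
SAMPLE = """\
Received: from gatekeeper.ing.nl by publisher.ssrn.com (LSMTP for Windows NT
          v1.1a) with SMTP id <[log in to unmask]>; Thu, 17 Jun 1999 20:06:08 -0500
Received: by ING-mailhub; id DAA20026; Fri, 18 Jun 1999 03:07:02 +0100
          (GMT+0100)
Received: from somewhere by smtpxd
Received: from gatekeeper.ing.nl ([57.192.187.194]) by ima.rsc1.ing-int
          with SMTP (IMA Internet Exchange 3.11) id 0000A3CD; Fri, 18 Jun 1999 03:04:01 +0100
"""

FROM_RE = re.compile(r"^from\s+(\S+)", re.I)    # name the sender claimed
BY_RE = re.compile(r"\bby\s+([^\s;]+)", re.I)   # host that wrote this header
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")  # bracketed IPv4 literal only

def peer_ip(value):
    """Return the peer address the receiving host recorded, or None."""
    m = IP_RE.search(value)
    try:
        return str(ipaddress.ip_address(m.group(1))) if m else None
    except ValueError:  # bracketed digits that are not a valid address
        return None

def analyze(raw):
    """List hops newest-first; 'suspect' marks headers that cannot be verified."""
    hops, chain_ok = [], True
    for value in message_from_string(raw).get_all("Received", []):
        value = " ".join(value.split())  # unfold continuation lines
        frm, by = FROM_RE.search(value), BY_RE.search(value)
        ip = peer_ip(value)
        hops.append({
            "by": by.group(1) if by else None,
            "claimed_from": frm.group(1) if frm else None,
            "peer_ip": ip,
            "suspect": not chain_ok,
        })
        if ip is None:  # no recorded peer: nothing below can be tied to this hop
            chain_ok = False
    return hops
```

On this sample only the top header, written by publisher.ssrn.com, is not marked suspect; the ima.rsc1.ing-int hop does record 57.192.187.194 but sits below the break, so it stays flagged.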
