Free Republic
Browse · Search
News/Activism
Topics · Post Article

To: kcvl

Details? Post privately if you must. Would like to get this out...


43 posted on 01/25/2010 10:08:51 AM PST by The Big Boo (This bird is sone)


To: The Big Boo

Here’s the latest on the analysis for Hot Air

http://hotair.com/archives/2010/01/25/ellie-light-speaks-and-speaks-and-speaks/

Ed, the only truthful line in the header will be
a) the one you removed showing your mailserver being connected to by the Ellie Light border mailserver.

Return-path is added by your mailserver to indicate the RCVD FROM portion of the envelope.

All e-mail has the following information:
a) Connection info, which includes the local and foreign IP address pairs. This cannot be spoofed, because e-mail is delivered via TCP, which has a handshaking protocol, and the protocol would break to the point that the e-mail could not be delivered.
b) Envelope information, such as HELO/EHLO (text identity of sending server), RCPT (To:), and RCVD FROM (From:). Only RCPT must be correct, because if you don’t give a valid recipient e-mail address, the receiving mailserver does not know to whom to route the e-mail.
c) Header information, all of which can be falsified, and
d) Body information (the text of the e-mail, including any attachments). This is the payload the sender wants delivered for you to examine, for whatever purpose.

Your mailserver adds a (Received From:) header, detailing the connection information, as well as the EHLO/HELO salutation used to deliver the message; that is the line you removed.

Your mailserver also added “Envelope-to” from the RCPT portion of the envelope.

The Received lines in the text you provide are in the wrong order (should be latest handler first, with the lines going back in time), unless you reordered them while pasting.

My mailserver’s DNSBL blocks telecomitalia.it — it’s a known nest of spammers and scammers. If anything came out of there, it was probably anonymized out of recognition.

That someone is going to this trouble to fake headers indicates a criminal operation (or that these people have obtained copies of criminal-style mailers such as SpamBlaster). Normal mailers don’t do this stuff.

X-Mozilla-Keys indicates that you used a Thunderbird reader and placed the e-mail into a local folder (as opposed to using LDAP). If that header came in the e-mail, that’s a bug in the sender’s mail agent.

I can’t see anything that would give you the information you are seeking.

If you feel comfortable, put back in the missing “Received” line but remove YOUR mailserver (the “by” portion) from that line. Then we’ll have a real piece of data to go on.

unclesmrgol on January 25, 2010 at 12:28 PM


45 posted on 01/25/2010 10:41:55 AM PST by The Big Boo (This bird is sone)
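The header checks described in the quoted comment above, as an added example that is not part of the original thread: it separates the Received line stamped by the recipient's own server from the sender-supplied lines below it and tests whether the lines run latest-first. The sample message, the host names, the `my_servers` parameter and the Postfix-style Received layout are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample (reserved example domains, documentation IP ranges).
# Only the top Received line was stamped by "our" server, mx.example.com.
SAMPLE = """\
Return-path: <sender@example.org>
Envelope-to: ed@example.com
Received: from mail.sender.example (relay.example.net [203.0.113.7])
\tby mx.example.com with esmtp; Mon, 25 Jan 2010 09:15:02 -0800
Received: from laptop (unknown [198.51.100.9])
\tby relay.example.net with smtp; Mon, 25 Jan 2010 17:14:40 +0000
Received: from nowhere.invalid (unknown [192.0.2.44])
\tby laptop with smtp; Mon, 25 Jan 2010 18:30:00 +0000
From: sender@example.org
Subject: letter to the editor

body text
"""

# Assumed layout: "from <HELO name> (<reverse DNS> [<IP>]) by <host> ...; <date>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
                 r".*?\bby\s+(?P<by>\S+)", re.S)

def analyze(raw, my_servers):
    """Return (hops, ordered): hops top to bottom, ordered=True if times go back."""
    hops, trusted = [], True
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        fields = m.groupdict() if m else dict.fromkeys(("helo", "rdns", "ip", "by"))
        # Trust only the unbroken run of lines, starting at the top, that were
        # written by servers we control; everything below came from the sender.
        trusted = trusted and fields["by"] in my_servers
        fields["trusted"] = trusted
        fields["when"] = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        hops.append(fields)
    ordered = all(a["when"] >= b["when"] for a, b in zip(hops, hops[1:]))
    return hops, ordered

if __name__ == "__main__":
    hops, ordered = analyze(SAMPLE, {"mx.example.com"})
    for h in hops:
        label = "server-recorded" if h["trusted"] else "sender-supplied"
        print(f'{label:16} ip={h["ip"]} helo={h["helo"]} by={h["by"]}')
    print("latest-first order:", ordered)
```

Relay clocks can differ by a few seconds, so a small inversion in the timestamps is weak evidence on its own.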



FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson