RichardRiga
asked on
How do I interpret this email header?
I have the following message header that I'd like interpreted. I'd like to know about the multiple "Received: from" dates. I see where it is originally from but would like to know what happened to it since that time. I see that it hits an Argosoft Mail 3 times, seconds apart. WHY does it hit 3 times? One looks like it might be a simple ping but the other two?
Take a look:
Received: from [yyy.yyy.yyy.34] by web.ar.com (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)); Wed, 12 May 2010 12:11:39 -0500
Received: from [yyy.yyy.yyy.34] by web.ar.com (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)); Wed, 12 May 2010 12:11:38 -0500
Received: from [yyy.yyy.yyy.254] by web.ar.com with SMTP (HELO extyr2.jazz.com) (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)); Wed, 12 May 2010 12:11:37 -0500
Received: from ([xxx.xxx.xxx.xxx]) by extyr2; Wed, 12 May 2010 14:00:26 -0400 (EDT)
Date: Wed, 12 May 2010 13:05:04 -0400 (EDT)
From: noname@blah.blah.com
Take a look:
Received: from [yyy.yyy.yyy.34] by web.ar.com (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)); Wed, 12 May 2010 12:11:39 -0500
Received: from [yyy.yyy.yyy.34] by web.ar.com (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)); Wed, 12 May 2010 12:11:38 -0500
Received: from [yyy.yyy.yyy.254] by web.ar.com with SMTP (HELO extyr2.jazz.com) (ArGoSoft Mail Server Pro for WinNT/2000/XP, Version 1.8 (1.8.9.5)); Wed, 12 May 2010 12:11:37 -0500
Received: from ([xxx.xxx.xxx.xxx]) by extyr2; Wed, 12 May 2010 14:00:26 -0400 (EDT)
Date: Wed, 12 May 2010 13:05:04 -0400 (EDT)
From: noname@blah.blah.com
zeotech
BCC's users perhaps?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
no, it only comes in once, sorry. i was just looking at the 3 argosoft entries and thinking why, why?! i understand the first, last, and the HELO. the other two are baffling
Did you read what I put.. yes the server is one server, but the email sofware is one, antivirus is another so the antivirus software recieves it, then the email software recieves it.. on the same server.. thus it is recieved more than once within the server. The From is faked since it was probably spam they just fake whatever the spammer ...
wants to put
ASKER
cool, thanks, appreciate it