Tracking down email problem

mickalo

Well-Known Member
Apr 16, 2002
782
5
318
N.W. Iowa
Hello,
we got this complaint message regarding some email sent from our server, and was hoping for some assistance or tips on how to track this down how it came from our server who maybe sending it. Below is the entire email header and message we received.

TIA
Mickalo
Code:
From: Michael Schoenberger <[email protected]>
Subject: UCE Complaint (Mail delivery failed: returning message to sender)
To: Abuse <[email protected]>

received: from ms-mta-01 (ms-mta-01 [10.24.14.215]) by 
ms-mss-02.columbus.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 
(built Sep  8 2003)) with ESMTP id 
<0HVV00FI[email protected]> for 
[email][email protected][/email]; Thu, 08 Apr 2004 13:46:50 -0400 (EDT)

received: from ohmx03.mgw.rr.com (ohmx03.mgw.rr.com [65.24.0.112]) by 
ms-mta-01.columbus.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 
(built Sep  8 2003)) with ESMTP id 
<[email protected]> for 
[email][email protected][/email] (ORCPT [email][email protected][/email]); Thu, 08 
Apr 2004 13:46:50 -0400 (EDT)

received: from justlightening.justlightening.net 
(rs-64-246-58-87.ev1.net [64.246.58.87] (may be forged)) by 
ohmx03.mgw.rr.com (8.12.10/8.12.8) with ESMTP id i38HkkcB029000	for 
<[email protected]>; Thu, 08 Apr 2004 13:46:47 -0400 (EDT)

received: from mailnull by justlightening.justlightening.net with 
local (Exim 4.24)	id 1BBdZd-0000BK-HL	for 
[email][email protected][/email]; Thu, 08 Apr 2004 12:44:21 -0500
date: Thu, 08 Apr 2004 12:44:21 -0500
from: "Mail Delivery System" <[email protected]>
subject: Mail delivery failed: returning message to sender
to: <[email protected]>
message-id: <[email protected]>
auto-submitted: auto-generated
x-failed-recipients: [email][email protected][/email]
x-antiabuse: This header was added to track abuse,please include it 
with any abuse report
x-antiabuse: Primary Hostname - justlightening.justlightening.net
x-antiabuse: Original Domain - woh.rr.com
x-antiabuse: Originator/Caller UID/GID - [47 12] / [47 12]
x-antiabuse: Sender Address Domain -
x-virus-scanned: Symantec AntiVirus Scan Engine
original-recipient: rfc822; [email][email protected][/email]
x-uidl: 673-1077254428
 

tvcnet

Well-Known Member
PartnerNOC
Aug 15, 2003
121
0
166
San Diego
cPanel Access Level
DataCenter Provider
Hi.

You answered your own question.

Look at the last 8 lines or so:

x-antiabuse: This header was added to track abuse,please include it
with any abuse report
x-antiabuse: Primary Hostname - justlightening.justlightening.net
x-antiabuse: Original Domain - woh.rr.com
x-antiabuse: Originator/Caller UID/GID - [47 12] / [47 12]
x-antiabuse: Sender Address Domain -
x-virus-scanned: Symantec AntiVirus Scan Engine
original-recipient: rfc822; [email protected]

These lines are added by the server telling you where the email was sent from. ;)

In this case it appears the email was sent from the account:
woh.rr.com on server justlightening.net.

Best Wishes,
-Jim