Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Tracking down email problem

Discussion in 'E-mail Discussion' started by mickalo, Apr 9, 2004.

  1. mickalo

    mickalo Well-Known Member

    Joined:
    Apr 16, 2002
    Messages:
    782
    Likes Received:
    5
    Trophy Points:
    318
    Location:
    N.W. Iowa
    Hello,
    we got this complaint message regarding some email sent from our server, and was hoping for some assistance or tips on how to track this down how it came from our server who maybe sending it. Below is the entire email header and message we received.

    TIA
    Mickalo
    Code:
    From: Michael Schoenberger <mschoenberger@woh.rr.com>
    Subject: UCE Complaint (Mail delivery failed: returning message to sender)
    To: Abuse <abuse@justlightening.justlightening.net>
    
    received: from ms-mta-01 (ms-mta-01 [10.24.14.215]) by 
    ms-mss-02.columbus.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 
    (built Sep  8 2003)) with ESMTP id 
    <0HVV00FI55E2ML@ms-mss-02.columbus.rr.com> for 
    [email]mschoenberger@woh.rr.com[/email]; Thu, 08 Apr 2004 13:46:50 -0400 (EDT)
    
    received: from ohmx03.mgw.rr.com (ohmx03.mgw.rr.com [65.24.0.112]) by 
    ms-mta-01.columbus.rr.com (iPlanet Messaging Server 5.2 HotFix 1.21 
    (built Sep  8 2003)) with ESMTP id 
    <0HVV00EM55E2IE@ms-mta-01.columbus.rr.com> for 
    [email]mschoenberger@woh.rr.com[/email] (ORCPT [email]mschoenberger@woh.rr.com[/email]); Thu, 08 
    Apr 2004 13:46:50 -0400 (EDT)
    
    received: from justlightening.justlightening.net 
    (rs-64-246-58-87.ev1.net [64.246.58.87] (may be forged)) by 
    ohmx03.mgw.rr.com (8.12.10/8.12.8) with ESMTP id i38HkkcB029000	for 
    <mschoenberger@woh.rr.com>; Thu, 08 Apr 2004 13:46:47 -0400 (EDT)
    
    received: from mailnull by justlightening.justlightening.net with 
    local (Exim 4.24)	id 1BBdZd-0000BK-HL	for 
    [email]mschoenberger@woh.rr.com[/email]; Thu, 08 Apr 2004 12:44:21 -0500
    date: Thu, 08 Apr 2004 12:44:21 -0500
    from: "Mail Delivery System" <Mailer-Daemon@justlightening.justlightening.net>
    subject: Mail delivery failed: returning message to sender
    to: <mschoenberger@woh.rr.com>
    message-id: <E1BBdZd-0000BK-HL@justlightening.justlightening.net>
    auto-submitted: auto-generated
    x-failed-recipients: [email]customersupport@optionpro.com[/email]
    x-antiabuse: This header was added to track abuse,please include it 
    with any abuse report
    x-antiabuse: Primary Hostname - justlightening.justlightening.net
    x-antiabuse: Original Domain - woh.rr.com
    x-antiabuse: Originator/Caller UID/GID - [47 12] / [47 12]
    x-antiabuse: Sender Address Domain -
    x-virus-scanned: Symantec AntiVirus Scan Engine
    original-recipient: rfc822; [email]mschoenberger@woh.rr.com[/email]
    x-uidl: 673-1077254428
    
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  2. tvcnet

    tvcnet Well-Known Member
    PartnerNOC

    Joined:
    Aug 15, 2003
    Messages:
    118
    Likes Received:
    0
    Trophy Points:
    166
    Location:
    San Diego
    cPanel Access Level:
    DataCenter Provider
    Hi.

    You answered your own question.

    Look at the last 8 lines or so:

    x-antiabuse: This header was added to track abuse,please include it
    with any abuse report
    x-antiabuse: Primary Hostname - justlightening.justlightening.net
    x-antiabuse: Original Domain - woh.rr.com
    x-antiabuse: Originator/Caller UID/GID - [47 12] / [47 12]
    x-antiabuse: Sender Address Domain -
    x-virus-scanned: Symantec AntiVirus Scan Engine
    original-recipient: rfc822; mschoenberger@woh.rr.com

    These lines are added by the server telling you where the email was sent from. ;)

    In this case it appears the email was sent from the account:
    woh.rr.com on server justlightening.net.

    Best Wishes,
    -Jim
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice