Friday, 1 February 2013

SMTP Headers



By examining the delivery failure received in response to our broken email
earlier, we can deduce more about the target network.



SMTP Header

1.Received: from odin.iss.net ([208.27.176.11]) by msgatl03.iss.net with SMTP
(Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
2.id 3W02J48T; Wed, 19 Jul 2000 10:56:32 -0400
3.Received: from loki.iss.net (IDENT:root@loki [208.21.0.3])
4.by odin.iss.net (8.9.3/8.9.3) with ESMTP id KAA32068
5.for <glyng@odin.iss.net>; Wed, 19 Jul 2000 10:58:07 -0400
6.Received: from atla-mx1.iss.net (atla-mx1.iss.net [208.21.0.9])
7.by loki.iss.net (8.9.3/8.9.3) with ESMTP id KAA20465
8.for <glyng@iss.net>; Wed, 19 Jul 2000 10:57:48 -0400
9.Received: from atla-mx1.iss.net (localhost [127.0.0.1])
10.by atla-mx1.iss.net (8.9.3/8.9.2) with ESMTP id KAA12130
11.for <glyng@iss.net>; Wed, 19 Jul 2000 10:58:48 -0400 (EDT)
12.Received: from bftoemail30.bigfoot.com (bftoemail30.bigfoot.com
[208.156.39.144])
13.by atla-mx1.iss.net (8.9.3/8.9.2) with SMTP id KAA12123
14.for <glyng@iss.net>; Wed, 19 Jul 2000 10:58:47 -0400 (EDT)
15.Received: from bigfoot.com ([192.168.4.191])
16.by bftoemail30.bigfoot.com (Bigfoot Toe Mail v1.0
17.with message handle 000719_110017_1_bftoemail30_smtp;
18.Wed, 19 Jul 2000 11:00:17 -0500
19.for glyng@bigfoot.com
20.Received: from bigfoot.com ([192.168.4.193])
21.by BFLITEMAIL1.bigfoot.com (LiteMail v2.42(BFLITEMAIL1)) with SMTP id
19Jul2000_BFLITEMAIL1_33935_114624170;
22.Wed, 19 Jul 2000 11:00:17 -0400 EST
23.Received: from atla-mx1.iss.net ([208.21.0.9])
24.by BFLITEMAIL3.bigfoot.com (LiteMail v2.43(BFLITEMAIL3)) with SMTP id
19Jul2000_BFLITEMAIL3_42976_169877195;
25.Wed, 19 Jul 2000 11:00:16 -0400 EST
26.Received: from atla-mx1.iss.net (localhost [127.0.0.1])
27.by atla-mx1.iss.net (8.9.3/8.9.2) with ESMTP id KAA12078
28.for <glyng@bigfoot.com>; Wed, 19 Jul 2000 10:58:30 -0400 (EDT)
29.Received: from msgatl01.iss.net (msgatl01.iss.net [208.27.176.33])
30.by atla-mx1.iss.net (8.9.3/8.9.2) with ESMTP id KAA12074
31.for <glyng@bigfoot.com>; Wed, 19 Jul 2000 10:58:30 -0400 (EDT)
32.Received: by msgatl01.iss.net with Internet Mail Service (5.5.2650.21)
33.id <NK51WGYL>; Wed, 19 Jul 2000 10:56:19 -0400
34.Message-ID: <B09C8FB3F83BD411BD4D00508B8BEE3F531B7D@msgatl03.iss.net>
From: System Administrator <postmaster@iss.net>
To: glyng@bigfoot.com
Subject: Undeliverable: Testing
Date: Wed, 19 Jul 2000 10:56:18 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
X-MS-Embedded-Report:
Content-Type: multipart/mixed;
boundary="----_=_NextPart_000_01BFF191.7E7E15CC"
This message is in MIME format. Since your mail reader does not understand
this format, some or all of this message may not be legible.

------_=_NextPart_000_01BFF191.7E7E15CC
Content-Type: text/plain;
charset="iso-8859-1"
------_=_NextPart_000_01BFF191.7E7E15CC
Content-Type: message/rfc822
Message-ID: <200007191458.KAA11966@atla-mx1.iss.net>
From: glyng@bigfoot.com
To:
Subject: Testing
Date: Wed, 19 Jul 2000 10:58:03 -0400
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2650.21)
X-MS-Embedded-Report:
Content-Type: text/plain;
charset="iso-8859-1"
------_=_NextPart_000_01BFF191.7E7E15CC


Each SMTP mail server that handles the e-mail adds its comments to
the top of the headers, so the oldest entries sit at the bottom; hence
we will start from line 34 of Figure 24 above.
1. Line 34 reveals the name of msgatl03.iss.net - probably an internal
mail server.
2. Line 32 gives us another mail server, msgatl01.iss.net along with the
software (Internet Mail Service) and version (5.5.2650.21).
3. Line 29 reveals msgatl01’s IP, and the name, software and version of
atla-mx1 (which we recall is the primary MX delegation for iss.net).
4. Line 26 echoes some internal mail routing on atla-mx1 - possibly
content analysis or a mail proxy to protect the real mail daemon.
5. Line 23 gives us atla-mx1’s IP.
6. Line 7 reveals another mail server, loki, and its version number.
7. Line 3 furthers this by revealing root@loki as the owner of the
process and another IP address.
8. Finally, line 1 gives us a local mail server and its IP (odin), plus
software and version information about the elusive msgatl03 from line 34.

Clearly, a great deal of information is available (and indeed advertised)
by mail servers, including specific software (and therefore platform)
information, internal IP ranges and even user IDs.
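
An added example, not part of the original post: a Python audit that reads a message's Received headers from the bottom up, as the walkthrough above does, and lists what each hop discloses. The sample message is constructed with placeholder hosts and addresses, and the function names are this example's own.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample shaped like the trace above; hosts and addresses are placeholders.
SAMPLE = """\
Received: from odin.example.net ([192.0.2.11]) by msg03.example.net with SMTP
 (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
 id 3W02J48T; Wed, 19 Jul 2000 10:56:32 -0400
Received: from loki.example.net (IDENT:root@loki [10.21.0.3])
 by odin.example.net (8.9.3/8.9.3) with ESMTP id KAA32068
 for <user@example.net>; Wed, 19 Jul 2000 10:58:07 -0400
Received: from mx1.example.net (localhost [127.0.0.1])
 by mx1.example.net (8.9.3/8.9.2) with ESMTP id KAA12130
 for <user@example.net>; Wed, 19 Jul 2000 10:58:48 -0400 (EDT)
Subject: Undeliverable: Testing
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOST_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)")
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
IDENT_RE = re.compile(r"IDENT:([^\s\])]+)")
SOFTWARE_RE = re.compile(r"\(([^()\[\]]*\d+\.\d+[^()\[\]]*)\)")  # comment with a version, no [ip]

def is_internal(text):  # True only for a valid RFC 1918 address
    try:
        return any(ipaddress.ip_address(text) in net for net in RFC1918)
    except ValueError:
        return False

def audit_received(raw_message):
    """Return what each Received header discloses, oldest hop first."""
    hops = []
    for value in reversed(message_from_string(raw_message).get_all("Received", [])):
        line = " ".join(value.split())  # unfold continuation lines
        hops.append({
            "hosts": HOST_RE.findall(line),
            "internal_ips": [ip for ip in IP_RE.findall(line) if is_internal(ip)],
            "ident_users": IDENT_RE.findall(line),
            "software": SOFTWARE_RE.findall(line),
        })
    return hops

def summarize(hops):
    """Merge per-hop findings into one sorted list per category."""
    return {key: sorted({v for hop in hops for v in hop[key]}) for key in (hops[0] if hops else {})}

if __name__ == "__main__":
    print(summarize(audit_received(SAMPLE)))
```

Run over a bounce generated by your own mail system, the summary shows which hostnames, private addresses, IDENT users and version strings a relay would need to strip or rewrite before mail leaves the network.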





