biripada
Posted November 7, 2014

Hi All,

I provide a proxy service, and one user sent SPAM MAIL using our service; below is that mail's header.

I have iptables logging enabled, and there is no issue with it: I verified that it gives correct results for other abuse cases like CBL etc.

The report below says a connection was made from MY_SERVER_IP to 184.108.40.206 at the given time, but in the iptables log I don't see any connection made to this IP - 220.127.116.11

Am I taking the correct destination IP from the following header? Please help. I need to trace the user who sent the spam.

Thank you

=====================
Received: from core-lga05d.mail.aol.com (core-lga05.mail.aol.com [10.76.11.5])
    by mtaomg-aai02.mx.aol.com (OMAG/Core Interface) with ESMTP id E234338000082;
    Wed, 5 Nov 2014 16:00:39 -0500 (EST)
X-MB-Message-Source: WebUI
Subject: PLEASE I NEED YOUR URGENT ATTENTION
X-MB-Message-Type: User
MIME-Version: 1.0
From: xxxxtopher Edward <xxxxtopher.edward2[at]aol.co.uk>
Content-Type: multipart/alternative;
    boundary="--------MB_8D1C752AFAE926C_1104_10EFB3_webmail-va085.sysops.aol.com"
X-Mailer: AOL Webmail STANDARD
Received: from MY_SERVER_IP by webmail-va085.sysops.aol.com (18.104.22.168) with HTTP (WebMailUI);
    Wed, 05 Nov 2014 16:00:38 -0500
Message-Id: <8D1C__________________C11D[at]webmail-va085.sysops.aol.com>
X-Originating-IP: [MY_SERVER_IP]
Date: Wed, 5 Nov 2014 16:00:38 -0500
x-aol-global-disposition: S
X-spam-FLAG: YES
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mx.aol.com; s=20140625; t=1415221249;
    bh=SID3WEUl/Mm/0P3neBBy7O/tQSr64ExaJ7aerAb5RaU=;
    h=From:Subject:Message-Id:Date:MIME-Version:Content-Type;
    b=b82VXaKg4vUytw0XjcB4T7bY6IexhDQJJIJufiq1K+Up4e7KjZ97660dgTakwqpBw
    s8PsYE+PusDtRfA7QruuT0Fx8ZCOsqeoOxqhcTrcmAtVKf+xiG1M+C1eb0IzV4AecD
    kbFEeD1QNN4axIRvTGnNRzdDW9r2tUk3DKQRekC8=
X-AOL-REROUTE: YES
x-aol-sid: 3039ac1b0264545a8ff7727f
X-spam-Score: 15.9/5
======================================================
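One way to run the correlation the post asks about, as an added example that is not part of the original post: it pulls the HTTP hop out of the Received header, converts its timestamp to UTC, and lists outbound web connections from the proxy within a minute of it. The addresses and log lines are constructed, and the example assumes the syslog clock is UTC and that the parenthesised webmail address may be a back-end host, so it matches on time and port and only flags whether DST equals that address.

```python
import re
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the HTTP hop from the post, with documentation addresses
# standing in for MY_SERVER_IP and for the webmail host address.
HEADER = (
    "Received: from 203.0.113.10 by webmail-va085.sysops.aol.com (198.51.100.7)\n"
    " with HTTP (WebMailUI); Wed, 05 Nov 2014 16:00:38 -0500\n"
)
# Constructed, abbreviated iptables LOG lines; syslog clock assumed to be UTC.
LOG = """\
Nov  5 20:58:01 proxy kernel: OUT=eth0 SRC=203.0.113.10 DST=192.0.2.44 PROTO=TCP SPT=40112 DPT=443
Nov  5 21:00:37 proxy kernel: OUT=eth0 SRC=203.0.113.10 DST=198.51.100.80 PROTO=TCP SPT=51514 DPT=443
Nov  5 21:00:39 proxy kernel: OUT=eth0 SRC=203.0.113.10 DST=192.0.2.25 PROTO=TCP SPT=51520 DPT=25
"""

HOP = re.compile(r"from\s+(\S+)\s+by\s+(\S+)\s+\(([\d.]+)\)\s+with\s+HTTP")

def http_hop(raw):
    """Return (client_ip, host, host_ip, utc_time) for the webmail HTTP hop."""
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            when = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
            return m.group(1), m.group(2), m.group(3), when.astimezone(timezone.utc)
    return None

def candidates(log, hop, window=timedelta(seconds=60), ports=(80, 443)):
    """Outbound web connections from client_ip within +/- window of the hop."""
    client, _, host_ip, when = hop
    hits = []
    for line in log.splitlines():
        f = dict(kv.split("=", 1) for kv in line.split() if "=" in kv)
        # Syslog omits the year, so borrow it from the header timestamp.
        ts = datetime.strptime(f"{when.year} {line[:15]}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)
        if (f.get("SRC") == client and int(f.get("DPT", 0)) in ports
                and abs(ts - when) <= window):
            hits.append((ts, f["DST"], f["SPT"], f["DST"] == host_ip))
    return hits

if __name__ == "__main__":
    for ts, dst, spt, same in candidates(LOG, http_hop(HEADER)):
        print(ts.isoformat(), "DST", dst, "SPT", spt, "matches header IP:", same)
```

The source port of each candidate line is what ties the outbound connection back to the proxy's own session or access log for a specific user.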
This topic is now archived and is closed to further replies.