[Tfug] {Disarmed} Re: Tracking down a miscreant

John Gruenenfelder johng at as.arizona.edu
Sat May 31 23:33:38 MST 2008


On Sat, May 31, 2008 at 06:37:46PM -0700, Choprboy wrote:
>> Neither have I.  I guess I should give it a shot.  I know IPs work in most
>> contexts... maybe with SMTP, too?
>
>Well.... 206.169.90.30 seems to be a colo'd machine in San Jose. It does have 
>a SMTP server running, as well as HTTP. The machine identifies itself as 
>running Debian.. though doesn't give its hostname in headers anywhere.

I'm guessing the box is named 'foxstar' like mine is since the local cron
errors are going to root at foxstar.  Somehow, though, the local Exim is treating
that as root at foxstar.merseine.nu and then off the messages go towards my box.

Having the same hostname I can imagine, but the odds seem pretty tiny that the
other box would also have the same FQDN.  Maybe something else is occurring,
but I can't think of another way that would confuse Exim into sending those
mails to my machine instead.

>You could try sending to the IP address... though the mail software may
>refuse it as not being a local domain. If you are comfortable with
>telnet'ing SMTP, I would manually connect and send an email to
>root at localhost.
>
>Adrian

Tried it with my own mailer and Mutt, but Exim 4.69 rejected it as unroutable
before it even left the machine.

So, as you suggested, I've sent the same mail to root at localhost after
telnet'ing to port 25 on his machine.  It hasn't been delivered to me yet, so
that's a good sign.  :)  Hopefully, he/she actually checks root's mail (or
whatever account it is forwarded to).


-- 
--John Gruenenfelder    Research Assistant, UMass Amherst student
                        Systems Manager, MKS Imaging Technology, LLC.
Try Weasel Reader for PalmOS  --  http://weaselreader.org
"This is the most fun I've had without being drenched in the blood
of my enemies!"
        --Sam of Sam & Max


