Stuart McLachlan
stuart at lexacorp.com.pg
Wed Jul 9 18:52:05 CDT 2003
On 9 Jul 2003 at 15:40, paul.hartland at fsmail.net wrote: > To all, > > I'm working on a project for my own use, and need to know if there's a > way to automatically detect the name/address of the SMTp server that > the person sends email through. > > Paul In general, you just need to parse out the last (in sequence, first in time) Time Stamp Line(s) in the message headers. See RFC 821. Sect 4.1.2 for specifications of this line. Your message tells me: Received: from fep04-svc.ttys.com (mx-out.ttys.com [80.239.199.130]) by databaseadvisors.com (8.11.6/8.11.6) with ESMTP id h69FenQ02022; Wed, 9 Jul 2003 10:40:49 -0500 Received: from localhost ([127.0.0.1]) by fep04-svc.ttys.com (InterMail vM.5.01.03.13 201-253-122-118-113-20010918) with SMTP id <20030709154050.OBHR1637.fep04-svc.ttys.com at localhost>; So your SMTP Server appears to be 80.239.199.130 and it's called both fep04-svc.ttys.com (it's internal name) or mx_out.ttys.com (it's Canonical name which you get when you do a nslookup on 80.239.199.130). It also tells me what mail server software ttys.com is using. Note: If you are trying to use it to track spam though, that won't work for very often since they generally forge some of the headers. -- Lexacorp Ltd http://www.lexacorp.com.pg Information Technology Consultancy, Software Development,System Support.