tracing fakemails

Post by Lorenz Gla » Thu, 24 Nov 1994 00:16:40
Is there ANY way to trace back fake emails? Are there for example
system files that record connections to SMTP, thus allowing to
trace who used fakemail originating from a certain machine?
Is there a way to find out which machine was used to send
the fakemail? etc.....

Thanks for any help!

Lorenz Glatz                                        \\///  

-------------------------------------------------ooO-(_)-Ooo-----------

Post by jest » Fri, 25 Nov 1994 00:35:13
> Is there ANY way to trace back fake emails? Are there for example
> system files that record connections to SMTP, thus allowing to
> trace who used fakemail originating from a certain machine?

I think that your "normal" mail agent (elm, mail, mailx) connects to
SMTP. If you want to fake a mail, it's a raw connection on the SMTP port
number that you'd have to trace. It's hard to tell the difference!

> Is there a way to find out which machine was used to send
> the fakemail? etc.....

When I receive a faked mail,
        - I save it
        - I watch out for the original machine that has posted the mail
          (it appears on the header)
        - eventually, I compare the sender name with the result of a "last"
          command grepped with the name if it is a local mail (which is often the
          case in this matter ...).

Perhaps a script would prove useful to automate such a sequential process.

        hope this helps.

--

 __________________________              `o O'

\ \   Ader239, ENAC, 7 av E.Belin, 31055 TOULOUSE (FRANCE)\
 \ \  you can find me at #62175852 ... if you're lucky     \
  \ \_______________________________________________________\
   \/_______________________________________________________/

Post by Holve » Fri, 25 Nov 1994 04:54:18
My Aunt MAUREEN was a military advisor to IKE & TINA TURNER!!

    > Is there ANY way to trace back fake emails? Are there for
    > example system files that record connections to SMTP, thus
    > allowing to trace who used fakemail originating from a certain
    > machine?  Is there a way to find out which machine was used to
    > send the fakemail? etc.....

Careful inspection of the headers usually does the trick pretty well.
Especially the `Path:' header or the `Received-By:' headers.


imagine about how that went after they caught the guy.
--
------------------------------------------------------------------------
The fourth law of computing:
  Anything that can go wr
.signature: Segmentation violation -- core dumped
Post by Robert Ha » Fri, 25 Nov 1994 09:25:37
>Is there ANY way to trace back fake emails? Are there for example
>system files that record connections to SMTP, thus allowing to

On some systems, if your logging level on the "mail" facility is high
enough, all connections will get two or three lines of log messages.
Check your /etc/syslog.conf setup.

>trace who used fakemail originating from a certain machine?
>Is there a way to find out which machine was used to send
>the fakemail? etc.....

Look at the fakemailed message with "more". Often mail programs strip out
some of the header lines. Sometimes the source machine is buried in one
of the "Received" lines someplace. Sometimes, if ident is running on the
originating machine, you'll even get the username.

...Robert
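The header inspection that jest and Robert describe above (find the originating machine in the Received: lines, pick up the ident username if the sender's machine ran identd, then grep the name out of "last"), as an added example that is not code from either poster. It walks the Received: chain of a saved message from our own relay outward and stops at the first hop whose connecting peer is not one of our trusted relays; that hop is the furthest point we can vouch for, because every Received: line below it was written by the peer itself and can be forged along with the From: line. The message, the trusted-relay set and the "last" output are constructed samples; the host and user names are assumptions.

```python
import re
from email import message_from_string

# Constructed sample: a message with a forged From: that reached us via two hops.
# The lower Received: line was stamped by our relay when a workstation connected
# to its SMTP port; sendmail-style MTAs record the ident reply as "user@host [ip]".
SAMPLE_MESSAGE = """\
Received: from mailhost.example.edu (mailhost.example.edu [192.0.2.10])
\tby home.example.edu with SMTP id AA12345; Wed, 23 Nov 1994 16:10:02 +0100
Received: from ws17.example.edu (jdoe@ws17.example.edu [192.0.2.77])
\tby mailhost.example.edu (8.6.9/8.6.9) with SMTP id QAA03344;
\tWed, 23 Nov 1994 16:09:55 +0100
From: president@whitehouse.gov
To: lorenz@example.edu
Subject: hello

This did not come from where the From: line says.
"""

# Assumption: these are our own relays, whose Received: stamps we trust.
TRUSTED_RELAYS = {"home.example.edu", "mailhost.example.edu"}

# Constructed `last` output from the relay, for jest's grep step.
LAST_OUTPUT = """\
lorenz   ttyp1   home.example.edu   Wed Nov 23 15:50   still logged in
jdoe     ttyp4   ws17.example.edu   Wed Nov 23 16:01 - 16:20  (00:19)
jdoe     ttyp2   ws03.example.edu   Tue Nov 22 09:12 - 11:40  (02:28)
"""

# "from <peer> (<comment>) by <relay> ..." as written by sendmail-style MTAs.
HOP_RE = re.compile(
    r"^from\s+(?P<helo>\S+)(?:\s+\((?P<paren>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I
)


def parse_hop(value):
    """Turn one Received: header value into a dict, or None if unparseable."""
    text = " ".join(value.split())  # unfold continuation lines
    m = HOP_RE.match(text)
    if not m:
        return None
    paren = m.group("paren") or ""
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", paren)
    ident = re.match(r"(\S+)@", paren)  # ident username, present only if the peer ran identd
    return {
        "helo": m.group("helo"),
        "ip": ip.group(1) if ip else None,
        "ident": ident.group(1) if ident else None,
        "by": m.group("by"),
    }


def trace_hops(raw_message):
    """All Received: hops, newest (closest to us) first."""
    msg = message_from_string(raw_message)
    return [h for h in (parse_hop(v) for v in msg.get_all("Received", [])) if h]


def last_verifiable_hop(raw_message, trusted):
    """Walk the chain from our side and return the first hop whose connecting
    peer is not a trusted relay. Lines below it were written by that peer and
    may be forged, so this hop is the furthest point we can vouch for."""
    for hop in trace_hops(raw_message):
        if hop["by"] not in trusted:
            return None  # stamp not written by us: chain already unverifiable
        if hop["helo"] not in trusted:
            return hop
    return None  # every hop stayed inside our own relays


def sessions_for_user(last_output, user):
    """Lines of `last` output for a login name (jest's "last | grep name" step)."""
    return [line for line in last_output.splitlines() if line.split()[0] == user]


if __name__ == "__main__":
    hop = last_verifiable_hop(SAMPLE_MESSAGE, TRUSTED_RELAYS)
    print("claimed sender :", message_from_string(SAMPLE_MESSAGE)["From"])
    print("origin hop     :", hop)
    if hop and hop["ident"]:
        for line in sessions_for_user(LAST_OUTPUT, hop["ident"]):
            print("last           :", line)
```

Run it against a message saved with all headers intact (as Robert notes, mail readers often strip Received: lines, so save the raw spool copy). If the originating machine did not run identd the "ident" field is None and only the peer name and address remain, and both of those are only as good as the relay that recorded them.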

Post by Harvey Shapi » Mon, 28 Nov 1994 15:11:54
: Is there ANY way to trace back fake emails? Are there for example
: system files that record connections to SMTP, thus allowing to
: trace who used fakemail originating from a certain machine?
: Is there a way to find out which machine was used to send
: the fakemail? etc.....

Can it be done? Yes... Is it feasible? Unless the administrator from the
SMTP site is a close friend of yours, No...
You'd have to go back to the SMTP site (easy enough since that's the address
on the mail...), and get the port 25 telnet log, it'd be in a buffer, and
it's not likely it's archived, so by the time you figure out that you're
actually going to take care of the problem and investigate, the
evidence is already deleted...  This is why people use fake mail in the
first place, it's difficult, and a pain in the ass to trace...
But no, it's not impossible...

: Thanks for any help!

: Lorenz Glatz                                        \\///  

: -------------------------------------------------ooO-(_)-Ooo-----------

--