Email trace help

Post your questions about tracing the source IP address of an email here.
Locked
Aadanac+
New Member
Posts: 1
Joined: Tue Oct 23, 2012 8:30 pm

Email trace help

Post by Aadanac+ » Tue Oct 23, 2012 8:33 pm

To make a long story short, I'm a TA and someone is impersonating my professor and sending students offensive emails. Below is the header:

Return-Path: <[email protected]>
Received: from javelin04.mail.cornell.edu (javelin04.mail.cornell.edu. [128.84.12.98])
by mx.google.com with ESMTPS id u9si5519237vcw.52.2012.10.22.16.10.19
(version=TLSv1/SSLv3 cipher=OTHER);
Mon, 22 Oct 2012 16:10:19 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 128.84.12.98 as permitted sender) client-ip=128.84.12.98;
Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 128.84.12.98 as permitted sender) smtp.mail=[email protected]; dkim=neutral (body hash did not verify) [email protected]
Received: from limestone4.mail.cornell.edu (limestone4.mail.cornell.edu [128.253.83.164])
by javelin04.mail.cornell.edu (8.13.8/8.14.4) with ESMTP id q9MNAH76030887;
Mon, 22 Oct 2012 19:10:17 -0400
Received: from exchange.cornell.edu ([10.16.197.28])
by limestone4.mail.cornell.edu (8.14.4/8.14.4) with ESMTP id q9MNA9Eu010370;
Mon, 22 Oct 2012 19:10:12 -0400 (EDT)
Received: from list.cornell.edu (132.236.56.26) by
CASHUB09.exchange.cornell.edu (10.16.197.28) with Microsoft SMTP Server id
14.2.309.2; Mon, 22 Oct 2012 19:10:05 -0400
Received: from wisteria.mail.cornell.edu ([132.236.56.52]) by
topaz5.mail.cornell.edu with SMTP (Lyris ListManager LINUX version 11.3);
Mon, 22 Oct 2012 19:09:41 -0400
Received: from exchange.cornell.edu (cashub03.exchange.cornell.edu
[10.16.197.22]) by wisteria.mail.cornell.edu (8.13.6/8.12.9) with ESMTP id
q9MN9dT3027261 for <[email protected]>; Mon, 22 Oct 2012 19:09:39
-0400 (EDT)
Received: from mirage.mail.cornell.edu (128.253.83.157) by
CASHUB03.exchange.cornell.edu (10.16.197.22) with Microsoft SMTP Server id
14.2.309.2; Mon, 22 Oct 2012 19:09:39 -0400
Received: from mail-ie0-f181.google.com (mail-ie0-f181.google.com
[209.85.223.181]) by mirage.mail.cornell.edu (8.14.4/8.14.4) with ESMTP id
q9MN9Yn0004502; Mon, 22 Oct 2012 19:09:38 -0400
Received: by mail-ie0-f181.google.com with SMTP id 16so4734239iea.26 for
<multiple recipients>; Mon, 22 Oct 2012 16:09:34 -0700 (PDT)
Received: by 10.42.80.207 with SMTP id w15mr9015620ick.40.1350947374168; Mon,
22 Oct 2012 16:09:34 -0700 (PDT)
Received: by 10.50.208.5 with HTTP; Mon, 22 Oct 2012 16:09:34 -0700 (PDT)
X-CornellRouted: This message has been Routed already.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:cc:content-type; bh=Sb7sUMbbcnbSPGv57N7/JNdVX2RP4psX/1ewXDXcMs4=; b=juU45xva7Rn7FCoAnPDfIobrjog/bx0UzbeIRChMQVbnmmglfOgyLDOYWbsItSGpvh iVHlGFYsC0A0fNTk9p6pdE6sJs8u3YVYws21s9Cgm0Trll9ocgOB8xoTDzjjD+/zqItC 1kcXKkfEKbENxhyoDFfrE64W3JYMUTZDjIEDRZNbNEeX6vjpPELqUy5yC3NK89uMNMwC 489R6ne8IfH2BvFsbcyVoh4jOyOGhQEiFRw8mTnTd+GvSsLCH1UYWRbEYrkFuTy3GOPe J7d3tuIt1wfDyIAxx0pH7+WI5AP7jIG3tdQgHL5lao+8pKjnZll26k8G/Wpu1hSuyEeY 9QBQ==
MIME-Version: 1.0
Date: Mon, 22 Oct 2012 19:09:34 -0400
Message-ID: <LYRIS-38040730-69382931-2012.10.22-19.09.47--cal344#[email protected]>
Subject: Re: prelim 2
From: <[email protected]>
To: <[email protected]>
CC: <[email protected]>
Content-Type: multipart/alternative; boundary="20cf301af64158fba404ccadf264"
X-PMX-CORNELL-SPAM-CHECKED: wisteria
X-PMX-CORNELL-SPAM-CHECKED: Mirage
X-PMX-Version: 5.5.9.395186, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2012.10.22.225723
X-PMX-Version: 5.6.1.2065439, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2012.10.22.230022
X-Original-Sender: [email protected] - Mon Oct 22 19:09:39 2012
X-Additional-Recipients-Added: 3
List-Unsubscribe: <mailto:[email protected]rnell.edu>
List-Subscribe: <mailto:[email protected]>
List-Owner: <mailto:[email protected]>
X-List-Host: Cornell University Centric Lists
Reply-To: Bruce Monger <[email protected]>
X-Message-ID: <CAHOP+q=BSO=[email protected]>
Sender: <[email protected]>
List-Id: <ocean-l.cornell.edu>
X-Additional-Recipients-Added: 2
X-Auto-Response-Suppress: DR, RN, NRN, OOF

--20cf301af64158fba404ccadf264
Content-Type: text/plain; charset="ISO-8859-1"

Thanks for any and all help.

Locked

Who is online

Users browsing this forum: No registered users and 5 guests