Author Topic: email header interpretation  (Read 2759 times)

Offline Xairbusdriver

  • Administrator
  • TS Addict
  • *****
  • Posts: 26388
  • 27" iMac (mid-17), Big Sur, Mac mini, Catalina
    • Mid-South Weather
email header interpretation
« on: November 01, 2008, 10:31:21 AM »
Here's an edited header from an email my wife got (finally) from her sister. My conclusions are below that. Are they valid?
CODE
Status:  U
Return-Path: <HERsister@HERsistermailserver.com>
Received: from noehlo.host ([127.0.0.1])
    by montgomery.mail.atl.earthlink.net (EarthLink SMTP Server) with SMTP id 1kW6uR4mX3Nl3qB0; Fri, 31 Oct 2008 22:45:53 -0400 (EDT)
Received: from sccmmhc92.asp.att.net ([204.127.203.212])
    by montgomery.mail.atl.earthlink.net (EarthLink SMTP Server) with SMTP id 1kW6uz9W3Nl3qB5
    for <MYwife@mindspring.com>; Fri, 31 Oct 2008 22:45:35 -0400 (EDT)
Received: from sccqmwc097.ops.asp.att.net (sccqmwc097.asp.att.net[204.127.203.227])
          by sccmmhc92.asp.att.net (sccmmhc92) with SMTP
          id <20081031232248m9200ldodle>; Fri, 31 Oct 2008 23:22:48 +0000
X-BLTSYMAVREINSERT: KPy4kq0LXkk3OIJdLt+Pp/MckysA
Received: from sister's name (12-216-225-223.client.mchsi.com[12.216.225.223])
          by sccmmhc91.asp.att.net (sccmmhc91) with SMTP
          id <20081031232016m91000d20ue>; Fri, 31 Oct 2008 23:20:16 +0000
Message-ID: <001401c93baf$3c047350$6401a8c0@Marilyn>
From: "First Last" <HERsister@HERsistermailserver.com>
To: "Judy" <MYwife@mindspring.com>
Subject: Fw: Kellen
Date: Fri, 31 Oct 2008 18:20:15 -0500
By my understanding, here are the times, actions and delays in the transmission from the header:

Zulu-5hr
CDT time......Zulu time...Action.....................Delay
18:20:15.......23:20:15...Sent from sister
18:20:16.......23:20:16...Received at smtp server.... 0:00:01
18:22:48.......23:22:48...Received by sccmmhc92...... 0:02:28
21:45:35.......02:45:35...Received by EarthLink...... 2:59:35 (montgomery.mail.atl server)
21:45:53.......02:45:53...Received by EarthLink...... 0:00:08 (noehlo.host)
21:45:??.......02:45:??...Received by Judy

First, am I correct?
Second, is the ~3 hour delay actually at sccmmh92 not EarthLink? I'll be trying to determine who that is after sending this.


Admin: If I left anything identifying in there, please edit it!
THERE ARE TWO TYPES OF COUNTRIES
Those that use metric = #1 Measurement system
And the United States = The Banana system
CAUTION! Childhood vaccinations cause adults! :yes:
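
The hop-by-hop arithmetic asked about in the post above, as an added example that is not part of the original thread: a Python script that reads the `Received:` lines bottom-up, converts every stamp to UTC and reports the gap before each hop. The header lines are copied from the post; the names `hop_delays` and `slowest_hop` are made up for this example.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Received/Date lines copied from the header in the post (already redacted by the poster).
RAW = """\
Received: from noehlo.host ([127.0.0.1])
    by montgomery.mail.atl.earthlink.net (EarthLink SMTP Server) with SMTP id 1kW6uR4mX3Nl3qB0; Fri, 31 Oct 2008 22:45:53 -0400 (EDT)
Received: from sccmmhc92.asp.att.net ([204.127.203.212])
    by montgomery.mail.atl.earthlink.net (EarthLink SMTP Server) with SMTP id 1kW6uz9W3Nl3qB5
    for <MYwife@mindspring.com>; Fri, 31 Oct 2008 22:45:35 -0400 (EDT)
Received: from sccqmwc097.ops.asp.att.net (sccqmwc097.asp.att.net[204.127.203.227])
    by sccmmhc92.asp.att.net (sccmmhc92) with SMTP
    id <20081031232248m9200ldodle>; Fri, 31 Oct 2008 23:22:48 +0000
Received: from sister's name (12-216-225-223.client.mchsi.com[12.216.225.223])
    by sccmmhc91.asp.att.net (sccmmhc91) with SMTP
    id <20081031232016m91000d20ue>; Fri, 31 Oct 2008 23:20:16 +0000
Date: Fri, 31 Oct 2008 18:20:15 -0500
"""

def _stamp(value):
    """Parse the date after the last ';' of a Received value (timezone-aware)."""
    text = re.sub(r"\([^)]*\)", " ", value.rsplit(";", 1)[1])  # drop "(EDT)" comments
    return parsedate_to_datetime(" ".join(text.split()))

def hop_delays(raw):
    """Return [(received_by, stamp, gap_since_previous_stamp)], oldest hop first."""
    msg = email.message_from_string(raw)
    prev = parsedate_to_datetime(msg["Date"])  # sender's own clock
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # headers are newest-first
        if ";" not in value:  # malformed line without a timestamp: skip it
            continue
        m = re.search(r"\bby\s+(\S+)", value)
        when = _stamp(value)
        hops.append((m.group(1) if m else "?", when, when - prev))
        prev = when
    return hops

def slowest_hop(raw):
    """The hop whose stamp follows the longest gap."""
    return max(hop_delays(raw), key=lambda h: h[2])

if __name__ == "__main__":
    for by, when, gap in hop_delays(RAW):
        print(f"{when.isoformat()}  {str(gap):>8}  {by}")
```

Each gap is the time between one server's stamp and the next, so a large gap means the message was held at, or in transit from, the hop before the one named. Every stamp comes from that server's own clock, and `Received:` lines written before the message reached a server you trust can be wrong or forged.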

Offline Paddy

  • Administrator
  • TS Addict
  • *****
  • Posts: 13797
    • https://www.paddyduncan.com
email header interpretation
« Reply #1 on: November 01, 2008, 01:55:36 PM »
Jim, looks like the delay is at sccmmh92 - because Earthlink says they received the email just seconds before it went to your wife's inbox. So yes, I think your initial assumptions are correct.

Have they tried emailing back and forth and seeing if the issue continues? Have them state in the email body exactly what time (local time) they are actually sending the email, so the recipient can check that against the headers. Could be a wonky time-stamp in there somewhere.

"If computers get too powerful, we can organize them into committees. That'll do them in." ~Author unknown •iMac 5K, 27" 3.6Ghz i9 (2019) • 16" M1 MBP(2021) • 9.7" iPad Pro • iPhone 13

Offline Xairbusdriver

email header interpretation
« Reply #2 on: November 01, 2008, 03:03:40 PM »
I think it's working fine now. They did the time-in-a-bottle message thing late last night. Strange thing is that those came through before the one with the header above. It must have been in a 'holding pattern' somewhere in or before that last, non-EarthLink server got it.

I tried to find out who has that server, but had no luck. Network Panel's Lookup started and never did anything else for about 45 minutes, the WhoIs didn't know anything either. Oh well, guess I'd better not castigate EarthLink about this... Mind you, Judy was getting pretty hot under the collar about something happening to her inbound mail. I really don't know what I can do about this next time. Reviewing email headers isn't that entertaining! This kind of thing may happen a lot more than I know, it was only really noticed because these two girls are so close and talking on the phone so often!

Thanks for the help!

Offline Paddy

email header interpretation
« Reply #3 on: November 01, 2008, 04:00:16 PM »
Have a look at this:

http://whois.domaintools.com/204.127.203.22

Right in the middle there - see the "mchsi.com" -  which actually belongs to AT&T. And if you look at where Judy's sister's email came from...bingo. It's Judy's sister's ISP that is the problem.


Offline Xairbusdriver

email header interpretation
« Reply #4 on: November 01, 2008, 07:42:06 PM »
I've bookmarked that site. I have hardly ever had any useful results from the Network Utility. Is there a way to add links/sites to the "WhoIs" list? I have four listed, one is for Japan, the other three are whois.nic.mil, ...ripe.net and ...apnic.net. The first would appear to be mainly 'military' but I may just be totally confused. Oh well, on to more productive pursuits!

BTW, hope you guys have a smooth and quick server transfer tonight!

Offline Paddy

email header interpretation
« Reply #5 on: November 01, 2008, 08:37:48 PM »
Thanks - I hope so too!!!

BTW - one of the Whois sites I use all the time and which is generally very good is:

http://cqcounter.com/whois/

Offline sandbox

  • TS Addict
  • *****
  • Posts: 7825
email header interpretation
« Reply #6 on: November 02, 2008, 12:25:30 PM »
204.127.203.212

From Network Utilities
Lookup has started ...


; <<>> DiG 9.3.4-P1 <<>> sccmmhc92.asp.att.net any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19985
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;sccmmhc92.asp.att.net.      IN   ANY

;; ANSWER SECTION:
sccmmhc92.asp.att.net.   10800   IN   A   204.127.203.212

;; AUTHORITY SECTION:
asp.att.net.      8709   IN   NS   ns4.asp.att.net.
asp.att.net.      8709   IN   NS   ns3.asp.att.net.
asp.att.net.      8709   IN   NS   ns1.asp.att.net.
asp.att.net.      8709   IN   NS   ns2.asp.att.net.

;; ADDITIONAL SECTION:
ns1.asp.att.net.   172594   IN   A   204.127.198.5
ns2.asp.att.net.   10764   IN   A   216.148.227.75
ns3.asp.att.net.   172281   IN   A   204.127.202.5
ns4.asp.att.net.   172594   IN   A   63.240.76.5

;; Query time: 257 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Sun Nov  2 13:20:38 2008
;; MSG SIZE  rcvd: 191


Offline krissel

  • Administrator
  • TS Addict
  • *****
  • Posts: 14736
email header interpretation
« Reply #7 on: November 02, 2008, 11:43:50 PM »
Jim, ATT is often slow to transfer email. Most of the time things are within normal time ranges but every once in a while I'll get email as much as a day later than when it was sent. I do have my ATT mail forwarded to my cable ISP but that should not explain such a long delay.

It appears that the mchsi.com is a subsidiary of ATT or someone who leases the IP numbers from them.
« Last Edit: November 02, 2008, 11:44:17 PM by krissel »


A Techsurvivors founder

Offline sandbox

email header interpretation
« Reply #8 on: November 03, 2008, 01:44:50 PM »
I have had email sent all over the world by a-t&t they do not have the pipe for the traffic they sell. I suspect Mindspring has the best pipe, they were into fiber long before the rest and it took years before they could reach anywhere near capacity. There is so much about a-t&t I dislike, I could write a book.

Offline Xairbusdriver

email header interpretation
« Reply #9 on: November 03, 2008, 01:44:54 PM »
I tried the 'Lookup' function. Never got past the "Lookup has started..." message. I quit after at least half an hour.

Still asking what services are in or can be added to the list in the "WhoIs" part of NU?

I hardly ever notice (as in never) the difference between the transmission and receipt times, may be watching more now. Not much I can do about it. Judy is more concerned about the ones she knows were sent but she never got. But sometimes it's hard to know what you don't have.