IP Address checking
From PluginWiki
You can make the plugin check whether messages come from a suspicious IP address. This can be useful if you have a member who's masquerading under different Yahoo IDs.
Health Warning
This is not foolproof:
- Many people get a different IP address each time they connect to the Internet, or their address changes periodically.
- Different people may appear to share the same IP address.
- It will only work if people are sending by email - not if they post via Yahoo's site.
Having said this, there are definitely cases where it will help.
Configuring It
On the Checking tab, there's a button:
Then you'll see this configuration dialog:
You can put in IP addresses here, separated by semicolons. Or if you want to check a range (also called a subnet), you can just put in the first part, e.g. 192.91.191 will match 192.91.191.*.
What You'll See
This checks Pending messages. When it spots something, it'll flag it like this:
Finding the IP address
This is quite complex, and what's presented here is a simplified how-to guide, rather than a detailed technical explanation. There's a box at http://aruljohn.com/info/howtofindipaddress you can paste headers into, which might help.
First view the source of the message. This is how to do it using Yahoo, but if you're interested in looking at the headers of a message you've received by email, see here.
Each of the things like Return-Path: or Received: or To: is called a header.
Then look for each of the following headers in turn; if you find one, that's the IP address to configure. If you don't find it, move on to the next section.
X-Yahoo-Post-IP
When the member is posting directly from the yahoo groups webpage, the headers will contain:
X-Mailer: Yahoo Groups Message Poster
X-Yahoo-Post-IP: x.x.x.x (identifies the member's IP)
There will also be a "X-Originating-IP:" header, but that won't identify the member's IP.
X-Received
When the member is using Yahoo's webmail, you'll find the IP in the "via HTTP" received header:
X-Received: from [75.134.153.44] by web50603.mail.re2.yahoo.com via HTTP; Thu, 10 Apr 2008 11:54:12 PDT
Received
Of course, not all members are going to be posting via Yahoo groups or Yahoo webmail. So here it gets harder.
As the message travels from mail server to mail server, each server normally adds one or more Received: lines in addition to other message headers. In order to accurately determine the message origin you need to have experience interpreting the headers. The easiest route for the novice (assuming there's no header forgery) is to
- start at the bottom of the headers
- work up till you find a Received line
- check the IP address to see if it's an end-user IP (see below)
- if it's not, keep going upwards looking for more Received lines.
To check an IP to see if it's an end-user:
- Go here
- Enter the IP and click Lookup.
The resulting page will give you a hostname after "resolves to".
There are two ways to tell that this is not an end-user IP:
- If it comes back as a webmail provider (hotmail, yahoo, gmail, etc)
- If it includes 'mail', 'mx', 'smtp', 'outbound', or 'outgoing'.
If it contains 'dsl', 'adsl', 'pool', 'dhcp', 'dyn', 'res' or 'client' then it's likely to be an end-user IP. Here's one example:
mn-10k-dhcp1-1764.dsl.hickorytech.net
You can also use http://www.geobytes.com/IpLocator.htm?GetLocation to get an idea of physical location, though remember that this may list where the ISP someone uses is, rather than where they are themselves.
Example
In the example below, you can see that Yahoo received the email from 216.114.192.16 (avalanche.hickorytech.net). Hickorytech.net is an ISP and avalanche.hickorytech.net is their outgoing mailserver. If you flag 216.114.192.16 you will catch email from all hickorytech customers. If you continue down the headers you see that avalanche.hickorytech.net received the email from (mn-10k-dhcp1-1764.dsl.hickorytech.net [69.24.166.228]). That is the poster's (current) IP. Note that the X-Originating-IP: header shows the mailserver rather than the end-user IP.
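The procedure above (take X-Yahoo-Post-IP if present, else the "via HTTP" X-Received line, else walk the Received: lines from the bottom up until an end-user hostname appears) together with the watch-list rule from the configuration section, as an added Python example that is not the plugin's own code. It assumes each Received: line carries the sending hostname next to the bracketed IP, as in the hickorytech example, and the sample headers are constructed to mirror that example.

```python
import re

RELAY_HINTS = ("hotmail", "yahoo", "gmail", "mail", "mx", "smtp", "outbound", "outgoing")  # page's "not end-user" hints
END_USER_HINTS = ("dsl", "adsl", "pool", "dhcp", "dyn", "res", "client")  # page's "end-user" hints
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
RECEIVED_FROM = re.compile(r"from\s+([^\s\[(]+)[^\[]*\[" + IPV4 + r"\]", re.I)  # from <host> ... [<ip>]

def unfold(raw):
    lines = []  # join folded continuation lines (leading whitespace) onto their header
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        elif line.strip():
            lines.append(line.rstrip())
    return lines

def is_end_user_host(hostname):
    h = hostname.lower()  # a webmail or relay hint wins over an end-user hint
    return not any(k in h for k in RELAY_HINTS) and any(k in h for k in END_USER_HINTS)

def poster_ip(raw_headers):
    """Return (ip, header_used) in the page's order: post-IP, webmail, then Received: walk."""
    headers = unfold(raw_headers)
    for h in headers:
        if h.lower().startswith("x-yahoo-post-ip:"):
            return h.split(":", 1)[1].strip(), "X-Yahoo-Post-IP"
    for h in headers:
        if h.lower().startswith("x-received:") and "via http" in h.lower():
            m = re.search(r"\[" + IPV4 + r"\]", h)
            if m:
                return m.group(1), "X-Received"
    for h in reversed(headers):  # bottom-up: the first end-user hop is the origin
        m = RECEIVED_FROM.search(h) if h.lower().startswith("received:") else None
        if m and is_end_user_host(m.group(1)):
            return m.group(2), "Received"
    return None, None

def matches_watchlist(ip, watchlist):
    # Full entries match exactly; a partial entry like 192.91.191 is a dotted prefix, so 192.91.19 does not match 192.91.191.x
    for entry in filter(None, (e.strip() for e in watchlist.split(";"))):
        if ip == entry or (entry.count(".") < 3 and ip.startswith(entry + ".")):
            return entry
    return None

# Constructed headers modelled on the page's hickorytech example (not a real message).
SAMPLE_HEADERS = """\
Received: from avalanche.hickorytech.net (avalanche.hickorytech.net [216.114.192.16]) by mta.groups.yahoo.example with SMTP; Thu, 10 Apr 2008 11:54:12 PDT
Received: from mn-10k-dhcp1-1764.dsl.hickorytech.net (mn-10k-dhcp1-1764.dsl.hickorytech.net [69.24.166.228])
  by avalanche.hickorytech.net with ESMTP; Thu, 10 Apr 2008 11:53:40 PDT
"""
```

The hostname hints are plain substring matches, so "res" also hits names like "resolver"; treat the result as a lead to confirm with the lookup described above, not as proof.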