at Friday, September 27, 2002 1:42 AM, hostmaster <hostmaster@nso.org> was seen to say:
<hidden_user@172.17.0.1> Its a pretty common "leak" format. what usually happens is this. An internal mail server is running on a network using 1918 addressing, and is addressed by smtp by a user. The user identifies as a bare name (no @ sign) - using "MAIL FROM: hidden_user" and the mailler Reverse DNS looksup the IP address of the client, and appends that dns name (or the ip address if the rdns fails) your best bet is to look for the first recognisable mailserver in the chain, and forward a query to the postmaster of that mailserver - either it is one of his own internal systems doing this, or he is being used as a relay by a spammer. either way, he will probably want to know about it :)