I'd like to find out from where an email has been sent.
I already know I have to to find the "Received From" that’s farthest down in the complete headers to get the private and the public IP addresses.
But I'm a little bit confused when the private IP is [127.0.0.1]. Could we say it means that the mail has been sent from the same LAN than the mail server (public IP adress) ? Or that the mail is read on the same PC that has sent the email ?...
The goal is to prove that an email has been sent from a precised location (PC on a LAN with an internal mail server) and not from a client using a webmail installed on this server.
I got the solution ! I've compared the email headers of one email sent from the LAN and one email sent from the webmail : - in the first case, the oldest "received from" is 127.0.0.1 and the public IP address - in the 2nd case, the oldest "received from" header is the name of the web mail component which is also indicated in the X-mailer header, and the public IP address is indicated in another "received from" header.
Thanks again Senjai for your precious help that put a little on the way !