Date:      Mon, 05 May 1997 20:42:37 +0100
From:      Brian Somers <brian@awfulhak.org>
To:        Terry Lambert <terry@lambert.org>
Cc:        brian@awfulhak.org (Brian Somers), hackers@freebsd.org
Subject:   Re: SPAM target 
Message-ID:  <199705051942.UAA23576@awfulhak.demon.co.uk>
In-Reply-To: Your message of "Mon, 05 May 1997 12:08:42 PDT." <199705051908.MAA16294@phaeton.artisoft.com> 

> > > Basically if I would not be able to reply to a mail sendmail would not
> > > deliver it. Yes, some mail is rejected if a host goes down at precisely
> > > the wrong instant but that would be uncommon.
> > 
> > I transmit mail from "brian@shift.utell.net" or
> > "brian@shift.lan.awfulhak.org" which is a pretend machine behind
> > a firewall.  I've got the gateway translating the from address as
> > "brian@utell.co.uk" or "brian@awfulhak.org" (which are valid), but
> > any smart-arsed mailer is going to say "something's wrong, go away".
> > I don't want to screw with my received lines (I don't think that's
> > ethical and I'll bet it's not going to be an option supported by
> > an m4 config file), but without doing so, I'm sending mail with
> > a bad origin.
> 
> Actually, here are your relevant "Received:" lines:
> 
> | Received: from awfulhak.demon.co.uk (awfulhak.demon.co.uk [158.152.17.1])
>                  ********************
> |           by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA09506
> |           for <hackers@FreeBSD.ORG>; Mon, 5 May 1997 11:08:24 -0700 (PDT)
> | Received: from awfulhak.demon.co.uk (localhost.lan.awfulhak.org [127.0.0.1])
>                  ********************
> |         by awfulhak.demon.co.uk (8.8.5/8.8.5) with ESMTP id RAA14045;
> |         Mon, 5 May 1997 17:09:03 +0100 (BST)

Ah, but that's because I'm posting this from home, on the "real"
machine rather than from my laptop :)

If I did things from my laptop, there'd be another hop and the
MAIL FROM would say shift.lan.awfulhak.org (going to
awfulhak.lan.awfulhak.org, then from awfulhak.demon.co.uk to wherever).

> So your SMTP sender is putting "MAIL FROM:<brian@awfulhak.demon.co.uk>"
> into the pipe.
> 
> You would only be rejected if you enabled verification on the host
> awfulhak.demon.co.uk (the "HELO awfulhak.demon.co.uk" domain offered to
> sendmail didn't match the "localhost.lan.awfulhak.org" returned to
> sendmail by getpeername() + gethostbyname() name canonization).

The gateway machine has a real name of awfulhak.demon.co.uk (dial-up
via ppp), and a LAN name of awfulhak.lan.awfulhak.org (I own
awfulhak.org, so news articles will get unique ids, but
www.awfulhak.org is the only thing with an A record in that
domain - everything else is made up).  My laptop (shift.lan.awfulhak.org)
can be considered a fake machine that "bounces" things off of
awfulhak.demon.co.uk.

It's the same at work, except the real name is mail.utell.co.uk and
the interior names are mail.utell.net and shift.utell.net.

The only DNSs that would ever resolve the interior machine names
are the gateway machines (also primary DNSs for the interior
nets), so anyone looking at the Received: lines from my laptop
is going to smell something fishy.

To make matters even worse, at work, the IP numbers involved
aren't even private IPs - my laptop (usually) has an IP of
97.3.0.23 (I think).  So looking at a received that says
"shift.utell.net [97.3.0.23]", any smart mailer is going to
throw a wobbler.

> That's the problem with relay hosts: once you are in the pipe, it's
> all valid from that point on.

And for the above reasons, I don't think it's possible to
authenticate the original address.

> 
> 					Regards,
> 					Terry Lambert
> 					terry@lambert.org
> ---
> Any opinions in this posting are my own and not those of my present
> or previous employers.

Maybe the best way is to use a PGP mechanism where people that want
to talk to the mailing list send their public key with the subscribe
message.  The mailing list then only accepts signed messages.  Under
certain controlled circumstances, people can have their public keys
added without subscribing.

A bit of overkill though if you ask me !
-- 
Brian <brian@awfulhak.org>, <brian@freebsd.org>
      <http://www.awfulhak.org>
Don't _EVER_ lose your sense of humour....
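The check Terry describes above (comparing the HELO name a sender offers against the name the receiving MTA recovers from the peer address) can be run after the fact over the Received: trail of a delivered message. The following is an added example, not code from the original thread or from sendmail; it parses the two Received: lines quoted in the message, flags hops where the HELO and reverse-DNS names disagree or the source address is loopback/private, and uses function names (`parse_received_headers`, `analyze_hops`) that are assumptions of this example. The header block is constructed from the quoted lines with the `|` quoting removed.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input: the two Received: lines quoted in the message,
# kept folded exactly as an RFC 822 header would be.
SAMPLE_HEADER_BLOCK = """\
Received: from awfulhak.demon.co.uk (awfulhak.demon.co.uk [158.152.17.1])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id LAA09506
          for <hackers@FreeBSD.ORG>; Mon, 5 May 1997 11:08:24 -0700 (PDT)
Received: from awfulhak.demon.co.uk (localhost.lan.awfulhak.org [127.0.0.1])
        by awfulhak.demon.co.uk (8.8.5/8.8.5) with ESMTP id RAA14045;
        Mon, 5 May 1997 17:09:03 +0100 (BST)
"""

# sendmail-style clause: "from <HELO> (<reverse-DNS name> [<IP>]) by <host>"
RECEIVED_RE = re.compile(
    r"^from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]+)\s+\[(?P<ip>[^\]]+)\]\)\s+"
    r"by\s+(?P<by>\S+)",
    re.IGNORECASE,
)


@dataclass
class Hop:
    helo: str   # name offered in the HELO/EHLO command
    rdns: str   # name the receiver derived from the peer address
    ip: str     # peer address as recorded by the receiver
    by: str     # the receiving MTA


def unfold_headers(block: str) -> List[str]:
    """Join RFC 822 continuation lines (leading whitespace) onto their header."""
    lines: List[str] = []
    for raw in block.splitlines():
        if not raw.strip():
            continue
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += " " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return lines


def parse_received(value: str) -> Optional[Hop]:
    m = RECEIVED_RE.match(value.strip())
    if not m:
        return None
    return Hop(m["helo"], m["rdns"], m["ip"], m["by"])


def parse_received_headers(block: str) -> List[Hop]:
    """Return hops newest-first, the order Received: lines appear in a message."""
    hops = []
    for line in unfold_headers(block):
        name, _, value = line.partition(":")
        if name.strip().lower() != "received":
            continue
        hop = parse_received(value)
        if hop is not None:
            hops.append(hop)
    return hops


def _canon(name: str) -> str:
    return name.lower().rstrip(".")


def analyze_hops(hops: List[Hop]) -> List[Tuple[int, List[str]]]:
    """Per hop (1 = newest), list the reasons a verifying MTA would object."""
    findings = []
    for index, hop in enumerate(hops, 1):
        issues = []
        if _canon(hop.helo) != _canon(hop.rdns):
            issues.append(f"HELO {hop.helo!r} != reverse DNS {hop.rdns!r}")
        addr = ipaddress.ip_address(hop.ip)
        if addr.is_loopback:
            issues.append("loopback source address")
        elif addr.is_private:
            issues.append("private source address")
        findings.append((index, issues))
    return findings


if __name__ == "__main__":
    for index, issues in analyze_hops(parse_received_headers(SAMPLE_HEADER_BLOCK)):
        print(f"hop {index}: {'; '.join(issues) if issues else 'consistent'}")
```

The first hop (received by hub.freebsd.org) is consistent; the second is the local relay the message describes, and it trips both checks. Note that a case like the 97.3.0.23 laptop address mentioned above would pass the address test, since it is not in a private range; the only way to catch it is the receiver's own reverse lookup, which no offline header check can reproduce.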