Flaw In List Software
Steve Lamb
pmmail@rpglink.com
Thu, 03 Jun 1999 17:23:34 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Thu, 03 Jun 1999 16:06:11 -0700 (PDT), Paul Wiener wrote:
>On Thu, 03 Jun 1999 00:17:45 -0700, Steve Lamb wrote:
>
>>Received: from smtp02.primenet.com [206.165.6.132] (daemon)
>> by rpglink.com with esmtp (Exim 2.05 #1 (Debian))
>> id 10pRbD-0005Pk-00; Thu, 3 Jun 1999 00:07:35 -0700
>>Received: (from daemon@localhost)
>> by smtp02.primenet.com (8.8.8/8.8.8) id AAA18943
>> for <pmmail@rpglink.com>; Thu, 3 Jun 1999 00:07:33 -0700 (MST)
>>Received: from ip34-106.bur.primenet.com(207.218.34.106)
>> via SMTP by smtp02.primenet.com, id smtpd018902; Thu Jun 3 00:07:23 1999
>Okay, I guess what I'm really leading up to is that when you get spam with
>fake headers, and with a long list of nodes between your address and the
>sender's, it's hard to tell where the forgery begins.
Generally where the chain breaks. In the headers above you'll see

    smtp02.primenet.com->rpglink.com
    "daemon@localhost"->smtp02.primenet.com (misconfigured there)
    ip34-106.bur.primenet.com->smtp02.primenet.com

So if there was one more received header which said, for example...

    Received: from spoo.garnish.bz [202.102.84.22]
     by foobar.granite.gt (8.8.9/8.8.9) id AAA81349
     (etc, etc, etc)

It is kinda obvious. :)
>P.S. Exactly how do you configure sendmail.cf to reject relay mail?
>>Received: from smtp02.primenet.com [206.165.6.132] (daemon)
>> by rpglink.com with esmtp (Exim 2.05 #1 (Debian))
>> id 10pRbD-0005Pk-00; Thu, 3 Jun 1999 00:07:35 -0700
"Exim 2.05 #1 (Debian)" Sendmail? What's that? ;)
- --
Steve C. Lamb | I'm your priest, I'm your shrink, I'm your
ICQ: 5107343 | main connection to the switchboard of souls.
- -------------------------------+---------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.0 (C) 1997 Pretty Good Privacy, Inc
iQA/AwUBN1cchXpf7K2LbpnFEQLQNACg6/xbV17MpzZZ9U/CwplK4zGJWbUAoI+l
k16rqAQIOfdBUguJa89W7m4e
=m9W5
-----END PGP SIGNATURE-----
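
The chain check described in the message above, as an added example (not part of the original post and not written by its author): it walks the Received headers from newest to oldest and reports the first one whose "by" host is not the host the header above it was received "from". The function names are hypothetical, host names are compared exactly, and a "(from user@localhost)" header is assumed to be a hand-off on the same machine.

```python
import re

# Received: values quoted in the post (index 0 = newest hop).
HEADERS = [
    "from smtp02.primenet.com [206.165.6.132] (daemon) by rpglink.com with esmtp "
    "(Exim 2.05 #1 (Debian)) id 10pRbD-0005Pk-00; Thu, 3 Jun 1999 00:07:35 -0700",
    "(from daemon@localhost) by smtp02.primenet.com (8.8.8/8.8.8) id AAA18943 "
    "for <pmmail@rpglink.com>; Thu, 3 Jun 1999 00:07:33 -0700 (MST)",
    "from ip34-106.bur.primenet.com(207.218.34.106) via SMTP by smtp02.primenet.com, "
    "id smtpd018902; Thu Jun 3 00:07:23 1999",
]
# The post's hypothetical extra header, as far as the post spells it out.
FORGED = "from spoo.garnish.bz [202.102.84.22] by foobar.granite.gt (8.8.9/8.8.9) id AAA81349"

HOST = r"([A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?)"

def parse_hop(value):
    """Return (from_host, by_host, is_local) for one Received: header value."""
    value = " ".join(value.split())  # unfold continuation lines
    by = re.search(r"\bby " + HOST, value)
    local = re.match(r"\(from \S+@localhost\)", value)
    frm = None if local else re.match(r"from " + HOST, value)
    return (frm.group(1).lower() if frm else None,
            by.group(1).lower() if by else None,
            bool(local))

def find_chain_break(headers):
    """Index (0 = newest) of the first header that does not connect to the
    header above it, or None when every hop links up."""
    hops = [parse_hop(h) for h in headers]
    for i in range(len(hops) - 1):
        from_host, by_host, is_local = hops[i]
        # A local hand-off stays on the same machine; otherwise the host named
        # in "from" must be the "by" host of the next-older header.
        expected = by_host if is_local else from_host
        if expected is None or hops[i + 1][1] != expected:
            return i + 1
    return None

if __name__ == "__main__":
    print("real headers:", find_chain_break(HEADERS))
    print("with extra header:", find_chain_break(HEADERS + [FORGED]))
```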