On Fri, 30 May 2008 10:39:35 +0900
Paul Sebastian Ziegler <psz@××××××××.de> wrote:

> Glad to hear you didn't mind, Daniel.

Actually, I've enjoyed it! :)
It was very crazy to see my name under something I've never said. The
lack of control just rushed my adrenaline even though I was expecting
something like that. Thanks!

> Yes, you traced me correctly. And as Rob already noticed, that could
> be circumvented by spoofing the header a little more.

True. It wouldn't be so hard to send the message from another place.

> Also you were correct to notice, that the receiving server has the
> last word - however many servers today do -not- perform reverse DNS
> lookups. You can basically put into the EHLO message whatever you
> want and the receiving server will buy it.
>
> So with some effort we could make it look as if the message was
> actually received from fg-out-1718.google.com. At least as long as
> pidgeon.gentoo.org doesn't do reverse DNS lookups, which frankly I
> didn't check. :)
>
> --Paul

Unfortunately many times one cannot control the reverse records,
because the IP address pool belongs to the ISP. Nevertheless the SMTP
server logs the IP address which the message came from. It doesn't
matter if the message would be bounced or accepted because of the
(in)correct reverse resolving. Additionally there's the SPF [1] and I
believe the email system at gentoo.org uses it. If that's so and my
poor abused address :) was at a domain with SPF record imposing "fail"
policy, that message shouldn't be accepted at all. At best you'd get
something like:

"Domain of valid-user@×××××××.com does not designate 192.0.2.25
as permitted sender."

Anyways the right thing to do is to ban the IP address which the
offensive message came from, not the email address. So, signatures
don't come to play here.

[1] http://www.openspf.org/

--
Best regards,
Daniel
--
gentoo-user@l.g.o mailing list |
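
Added example (not part of the original message or of any gentoo.org code): a minimal offline SPF check in Python illustrating the point discussed in the thread, that the verdict is computed from the connecting IP address and the EHLO name plays no part in it. The record, the 198.51.100.0/24 range, example.com, the 550/250 reply texts and the function names are constructed for illustration; only ip4, ip6 and all are evaluated, and mechanisms that need DNS are skipped.

```python
import ipaddress

# Qualifier prefix -> SPF result; "+" is the default when none is given.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample record: one permitted range, everything else fails.
RECORD = "v=spf1 ip4:198.51.100.0/24 -all"

def check_spf(record, client_ip):
    """Evaluate the ip4/ip6/all mechanisms of one SPF record against the
    connecting IP. Mechanisms that need DNS (a, mx, include, ...) are
    skipped so this runs offline; a real checker has to resolve them."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched

def smtp_verdict(ehlo_name, client_ip, sender_domain, record):
    """ehlo_name is whatever the client typed: it is reported, never used
    in the decision. Only the socket's peer address is checked."""
    result = check_spf(record, client_ip)
    if result == "fail":
        return (f"550 Domain of {sender_domain} does not designate "
                f"{client_ip} as permitted sender (EHLO claimed {ehlo_name})")
    return f"250 OK spf={result} client-ip={client_ip}"

if __name__ == "__main__":
    # Same forged EHLO name from two different source addresses.
    for ip in ("192.0.2.25", "198.51.100.7"):
        print(smtp_verdict("fg-out-1718.google.com", ip, "example.com", RECORD))
```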