On Fri, 30 May 2008 10:39:35 +0900
Paul Sebastian Ziegler <[EMAIL PROTECTED]> wrote:


> Glad to hear you didn't mind, Daniel.

Actually, I've enjoyed it! :)
It was very crazy to see my name under something I've never said. The
lack of control just rushed my adrenaline even though I was expecting
something like that. Thanks!

> Yes, you traced me correctly. And as Rob already noticed, that could
> be circumvented by spoofing the header a little more.

True. It wouldn't be so hard to send the message from another place.

> Also you were correct to notice, that the receiving server has the
> last word - however many servers today do -not- perform reverse DNS
> lookups. You can basically put into the EHLO message whatever you
> want and the receiving server will buy it.
> 
> So with some effort we could make it look as if the message was
> actually received from fg-out-1718.google.com. At least as long as
> pidgeon.gentoo.org doesn't do reverse DNS lookups, which frankly I
> didn't check. :)
> 
> --Paul

Unfortunately many times one cannot control the reverse records,
because the IP address pool belongs to the ISP. Nevertheless the SMTP
server logs the IP address which the message came from. It doesn't
matter if the message would be bounced or accepted because of the
(in)correct reverse resolving. Additionally there's the SPF [1] and I
believe the email system at gentoo.org uses it. If that's so and my
poor abused address :) was at a domain with SPF record imposing "fail"
policy, that message shouldn't be accepted at all. At best you'd get
something like:

       "Domain of [EMAIL PROTECTED] does not designate 192.0.2.25
       as permitted sender."

Anyways the right thing to do is to ban the IP address which the
offensive message came from, not the email address. So, signatures
don't come into play here.

[1] http://www.openspf.org/


-- 
Best regards,
Daniel
-- 
gentoo-user@lists.gentoo.org mailing list
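
An added example (not part of the original message, and not code from gentoo.org or from any SPF implementation) of the two points in the reply above: the receiving server records the peer IP whatever name was given in EHLO, and an SPF record ending in "-all" yields "fail" for an address it does not designate. The Received line, the SPF record and the Postfix-style header layout are constructed assumptions; only the ip4, ip6 and all mechanisms are evaluated, with no DNS lookups.

```python
import ipaddress
import re

# Constructed sample, assuming a Postfix-style trace header. The name after
# "from" is whatever the client sent in EHLO; the bracketed address is the
# peer IP the receiving server saw on the TCP connection.
RECEIVED = ("from fg-out-1718.google.com (unknown [192.0.2.25]) "
            "by mx.example.org (Postfix) with ESMTP id 0000000000")

# Constructed SPF record for a hypothetical sender domain with a "fail" policy.
SPF_RECORD = "v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.7 -all"

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def peer_ip(received):
    """Return (claimed EHLO name, observed peer IP) from a Received value."""
    m = re.match(r"from\s+(\S+)\s+\(\S+\s+\[([0-9A-Fa-f:.]+)\]\)", received)
    if not m:
        raise ValueError("unrecognised Received format")
    return m.group(1), m.group(2)


def check_spf(record, ip):
    """Evaluate the ip4/ip6/all mechanisms of an SPF record, left to right."""
    ip = ipaddress.ip_address(ip)
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name.lower() == "all":
            return QUALIFIERS[qualifier]
        if name.lower() not in ("ip4", "ip6"):
            raise NotImplementedError(f"{name}: needs DNS, not handled here")
        net = ipaddress.ip_network(value, strict=False)
        if ip.version == net.version and ip in net:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and the record has no "all"


if __name__ == "__main__":
    claimed, ip = peer_ip(RECEIVED)
    print(f"EHLO claimed {claimed}, peer was {ip}: SPF {check_spf(SPF_RECORD, ip)}")
```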
