Philip Prindeville wrote:

> Having to present all of the headers (or, really, just the Received:
> headers) isn't reliable for the very reason that you point out:
> they can be forged.

> Logs can't.

Logs can't be forged? :-)

I guess that explains this log snippet from my server:

Jan 29 16:15:33 www sendmail[16853]: l0TLCSk4016853:
from=<[EMAIL PROTECTED]>, size=9385, class=0,
nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP,
daemon=MTA, relay=mail.redfish-solutions.com [71.36.29.88]

Jan 29 16:15:33 www mimedefang.pl[15864]: CanIt: l0TLCSk4016853:
what=accepted, stream=nolinks, nrcpts=1, relay=71.36.29.88,
[EMAIL PROTECTED], subject=IMPR0VE Y0UR S3X LIFE!!!!!!

Jan 29 16:15:34 www sendmail[16858]: l0TLCSk4016853:
to="|/var/mailman/mail/mailman post mimedefang",
ctladdr=<mimedefang@lists.roaringpenguin.com> (8/0), delay=00:00:01,
xdelay=00:00:01, mailer=prog, pri=32104, dsn=2.0.0, stat=Sent

I've altered those logs in 7 different places.  Find the forgeries.

Here's why I would demand headers:  Yes, you can forge headers.  But
you can also forge logs.  So asking for more evidence makes a potential
forger work harder, and makes him more likely to make a (detectable)
mistake.

Regards,

David.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
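
Added example, not part of the message above and not MIMEDefang or sendmail code: a sketch of the kind of cross-check that makes forged mail logs harder to get right, comparing each entry's syslog timestamp, logging PID and relay address against what the queue ID and the other entries for the same message say. The queue ID layout (time fields in UTC, trailing six digits as the creating PID), the function names and the sample lines are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# Assumption: sendmail 8.12+ queue ID layout YMDhmsNNpppppp, one character per
# time field (UTC) taken from this alphabet, trailing six digits = creating PID.
QIC = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ ([\w.]+)\[(\d+)\]: "
                  r"(?:CanIt: )?(\w{8}\d{6}): (.*)$")

def decode_qid(qid):
    """Return (year % 60, month, day, hour, minute, second, pid)."""
    y, mo, d, h, mi, s = (QIC.index(c) for c in qid[:6])
    return (y, mo + 1, d, h, mi, s, int(qid[8:]))

def check(lines, year, utc_offset_hours, max_skew=timedelta(minutes=10)):
    """List internal inconsistencies in syslog lines (one string per entry)."""
    problems, relays = [], {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            problems.append("unparseable: " + line[:40])
            continue
        stamp, prog, pid, qid, rest = m.groups()
        logged = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        try:  # queue ID time is UTC; shift it to the syslog's local time
            y, mo, d, h, mi, s, qpid = decode_qid(qid)
            born = datetime(year, mo, d, h, mi, s) + timedelta(hours=utc_offset_hours)
        except ValueError:
            problems.append(f"{qid}: queue ID does not decode to a valid date")
            continue
        if y != (year - 1900) % 60 or abs(logged - born) > max_skew:
            problems.append(f"{qid}: created {born}, but logged at {logged}")
        if prog == "sendmail" and "from=" in rest and int(pid) != qpid:
            problems.append(f"{qid}: logged by pid {pid}, queue ID says {qpid}")
        ip = re.search(r"relay=(?:\S+ \[)?([\d.]+)", rest)
        if ip:
            relays.setdefault(qid, set()).add(ip.group(1))
    problems += [f"{q}: relay differs between lines: {sorted(ips)}"
                 for q, ips in relays.items() if len(ips) > 1]
    return problems

# Constructed sample (not from the post): one message, UTC-5 server, year 2007.
GOOD = [
    "Mar  5 09:02:08 mx sendmail[4321]: l25E2700004321: from=<a@example.org>, "
    "nrcpts=1, relay=host.example.org [192.0.2.10]",
    "Mar  5 09:02:08 mx mimedefang.pl[977]: l25E2700004321: what=accepted, "
    "nrcpts=1, relay=192.0.2.10",
]
TAMPERED = [GOOD[0].replace("[4321]", "[4322]").replace("Mar  5", "Mar  6"),
            GOOD[1].replace("2.10", "2.99")]
```

`check(GOOD, 2007, -5)` returns an empty list, while `check(TAMPERED, 2007, -5)` reports the shifted date, the PID mismatch and the relay mismatch. A clean result only means the entries agree with each other; it does not show they are authentic.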
