Philip Prindeville wrote: > Having to present all of the headers (or, really, just the Received: > headers) isn't reliable for the very reason that you point out: > they can be forged.
> Logs can't. Logs can't be forged? :-) I guess that explains this log snippet from my server: Jan 29 16:15:33 www sendmail[16853]: l0TLCSk4016853: from=<[EMAIL PROTECTED]>, size=9385, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=mail.redfish-solutions.com [71.36.29.88] Jan 29 16:15:33 www mimedefang.pl[15864]: CanIt: l0TLCSk4016853: what=accepted, stream=nolinks, nrcpts=1, relay=71.36.29.88, [EMAIL PROTECTED], subject=IMPR0VE Y0UR S3X LIFE!!!!!! Jan 29 16:15:34 www sendmail[16858]: l0TLCSk4016853: to="|/var/mailman/mail/mailman post mimedefang", ctladdr=<mimedefang@lists.roaringpenguin.com> (8/0), delay=00:00:01, xdelay=00:00:01, mailer=prog, pri=32104, dsn=2.0.0, stat=Sent I've altered those logs in 7 different places. Find the forgeries. Here's why I would demand headers: Yes, you can forge headers. But you can also forge logs. So asking for more evidence makes a potential forger work harder, and makes him more likely to make a (detectable) mistake. Regards, David. _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang