Look at the IP not the host name. You can easily change the host
name, not quite as easy to change the IP.
On Dec 27, 2005, at 11:23 PM, Brian Phillips wrote:

I will have to look more closely at the headers. At first glance, the
initiating host claimed it was localhost(localhost), which I thought was
a spoof. I will look at the headers in the morning and may ask some
additional questions about interpreting it correctly.

If there was a localhost entry in there, it could have been within the
remote person's mail system. Headers are very hard (if not impossible)
to forge because instead of the computer sending the mail, it's actually
created by the server receiving the mail. The extent of headers being
forged is an open relay being used to initiate the connection. When the
server receives the mail, it stamps it with the time and the remote ip
address that initiated the connection, which makes up the beginning of
the header (the part closest to the actual message). Any stamps beyond
that are created by other mail servers in the line in a similar fashion
until it gets to the mail server where the user is housed.

I've been known to be wrong before, but I think I might be onto
something here though...

Brian
--------------------
BYU Unix Users Group
http://uug.byu.edu/
The opinions expressed in this message are the responsibility of their
author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
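
An added illustration of the advice in this thread, not code posted by any list member: a Python sketch that pulls the claimed HELO name and the connecting IP out of each Received line and flags a "localhost" claim that arrives from a non-loopback address. The sample message, its host names and addresses are constructed, and the regular expression assumes the common Postfix/sendmail "from name (rdns [ip])" layout.

```python
import email
import ipaddress
import re

# Constructed sample message (not from the thread); documentation address ranges.
SAMPLE = """\
Received: from mx.example.org (mx.example.org [198.51.100.25])
\tby mail.example.edu (Postfix) with ESMTP id ABC123
\tfor <user@example.edu>; Tue, 27 Dec 2005 23:01:07 -0700 (MST)
Received: from localhost (unknown [203.0.113.7])
\tby mx.example.org (Postfix) with SMTP id DEF456;
\tTue, 27 Dec 2005 23:01:02 -0700 (MST)
From: someone@example.org
To: user@example.edu
Subject: constructed test

body
"""

# "from <HELO name> (<reverse DNS> [<peer IP>])"; other MTAs use other layouts.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
)
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def received_hops(raw):
    """Return parsed hops newest-first; each server prepends its own Received line."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if not m:
            continue  # layout not recognised; skip rather than guess
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # bracketed text was not a valid address
        helo = m["helo"].lower()
        # The HELO name is whatever the client sent; the IP is the TCP peer
        # recorded by the receiving server. Only lines written by servers you
        # trust are reliable evidence of either.
        mismatch = helo in LOCAL_NAMES and not ip.is_loopback
        hops.append({"helo": helo, "rdns": m["rdns"], "ip": str(ip),
                     "helo_mismatch": mismatch})
    return hops

if __name__ == "__main__":
    for hop in received_hops(SAMPLE):
        print(hop)
```
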