
Re: Fwd: Please confirm your message

I demand that Adam McKenna may or may not have written...

> On Wed, Dec 04, 2002 at 09:47:05AM +1100, Brian May wrote:
>> On Tue, Dec 03, 2002 at 11:09:02AM +0100, Gerrit Pape wrote:
>>> Autoresponders, bouncers, and other mail handling programs use the
>>> envelope sender address, not an address found in any header of the mail.
>>> I doubt that any abuse@ address replies to a bounce message.  This is no
>>> problem.
>> You seem to imply that the envelope sender address is harder to forge?
>> Yet my experience has been that I can telnet to port 25 on any mail
>> server, and give it any envelope sender I want.
>> Are there supposed to be some sort of checks placed on this address?

Yes. Try giving a remote (from the server's POV) address after RCPT TO and
see if you still don't have a problem. Or try giving the server a local (to
it) address after MAIL FROM: the server should complain unless you're on a
network which it considers to be local.

If it accepts *any* address after MAIL FROM *and* after RCPT TO regardless of
where you're connecting from, then I'm sure that there's a spammer who'll be
interested in hearing from you ;-)

> He's talking about the envelope sender address on the confirmation
> messages, which is empty (<>), the same as for bounce messages.

That doesn't matter (much) wrt address/location checks...

| Darren Salt       | nr. Ashington, | linux (or ds) at
| Linux PC, Risc PC | Northumberland | youmustbejoking
| No Wodniws here   | Toon Army      | demon co uk
|   Running woody on the other machine.

You will be held hostage by a radical group.
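
The two address/location checks described in the message above, modelled as an added example that is not part of the original post or any mail server's own code. The domain, networks and function names are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample policy (assumed values, not from the thread).
LOCAL_DOMAINS = {"example.org"}
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("127.0.0.0/8")]

def domain_of(addr):
    """Return the lower-cased domain of an envelope address, None for <>."""
    addr = addr.strip().strip("<>")
    if not addr:
        return None  # null reverse-path, as used by bounces and confirmations
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def is_local_client(client_ip):
    """True when the connecting host is on a network the server treats as local."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in LOCAL_NETS)

def check_envelope(client_ip, mail_from, rcpt_to):
    """Return (accepted, reason) for one MAIL FROM / RCPT TO pair."""
    local_client = is_local_client(client_ip)
    sender_dom = domain_of(mail_from)
    rcpt_dom = domain_of(rcpt_to)
    if not rcpt_dom:
        return False, "recipient must be a full address"
    # Check 1: remote recipient requested by a non-local client is a relay attempt.
    if rcpt_dom not in LOCAL_DOMAINS and not local_client:
        return False, "relaying denied"
    # Check 2: sender claims a local domain but connects from a non-local network.
    if sender_dom in LOCAL_DOMAINS and not local_client:
        return False, "local sender from non-local network"
    # The null sender (<>) skips check 2 but is still subject to check 1.
    return True, "ok"

if __name__ == "__main__":
    cases = [  # constructed sessions: (client IP, MAIL FROM, RCPT TO)
        ("203.0.113.5", "<a@elsewhere.test>", "<b@other.test>"),
        ("203.0.113.5", "<a@example.org>", "<b@example.org>"),
        ("203.0.113.5", "<>", "<b@example.org>"),
        ("203.0.113.5", "<a@elsewhere.test>", "<b@example.org>"),
        ("192.0.2.10", "<a@example.org>", "<b@other.test>"),
    ]
    for case in cases:
        print(case, "->", check_envelope(*case))
```

The fourth case is accepted even though nothing verifies that the sender address is genuine: these checks constrain where mail may be relayed, not who may be named as a remote sender.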
