Re: Fwd: Please confirm your message
I demand that Adam McKenna may or may not have written...
> On Wed, Dec 04, 2002 at 09:47:05AM +1100, Brian May wrote:
>> On Tue, Dec 03, 2002 at 11:09:02AM +0100, Gerrit Pape wrote:
>>> Autoresponders, bouncers, and other mail handling programs use the
>>> envelope sender address, not an address found in any header of the mail.
>>> I doubt that any abuse@ address replies to a bounce message. This is no
>>> problem.
>> You seem to imply that the envelope sender address is harder to forge?
>> Yet my experience has been that I can telnet to port 25 on any mail
>> server, and give it any envelope sender I want.
>> Are there suppost to be some sort of checks placed on this address?
Yes. Try giving a remote (from the server's POV) address after RCPT TO and
see if you still don't have a problem. Or try giving the server a local (to
it) address after MAIL FROM: the server should complain unless you're on a
network which it considers to be local.
If it accepts *any* address after MAIL FROM *and* after RCPT TO regardless of
where you're connecting from, then I'm sure that there's a spammer who'll be
interested in hearing from you ;-)
> He's talking about the envelope sender address on the confirmation
> messages, which is empty (<>), the same as for bounce messages.
That doesn't matter (much) wrt address/location checks...
--
| Darren Salt | nr. Ashington, | linux (or ds) at
| Linux PC, Risc PC | Northumberland | youmustbejoking
| No Wodniws here | Toon Army | demon co uk
| Running woody on the other machine.
You will be held hostage by a radical group.
Reply to: