Re: a question on email headers

On Tue, 15 Apr 2003, Al Davis wrote:

> I am curious how reliable the IP address in email headers is.
> For example, here's a header:
> (changed a little so I don't give away anyone's real address)

given the info, i'd guess
a. you sent from your davialbe acct
b. you received on your foo.bar.edu acct

easy to fake the domain name ... common thing of spammers
	- do not believe the domain name unless you did a dns reverse
	lookup of the ip#

am thinking, there should be another received line entry between
these 2 headers unless you used your "laptop" to send email
to your bar.edu acct from inside their lan

more header fun ??

> Received: from foo.bar.edu ([])

ip# and supposed domain name of receiving mta

> 	by my.computer.net with esmtp (Exim 3.35 #1 (Debian))
> 	id 195LgM-0001Yv-00
> 	for <me@my.computer.net>; Tue, 15 Apr 2003 02:20:46 -0600

> Received: (from davialbe@localhost)

receiving mta ... your laptop ??

> 	by foo.bar.edu (8.11.6/8.11.6) id h3F8Lu930444
> 	for me@my.computer.net; Tue, 15 Apr 2003 02:21:56 -0600

you should also be using sendmail-8.12.9 instead since all
prior versions are supposedly susceptible to remote root exploit
c ya

> That's all of the "Received" headers on this mail.  I know this 
> one is ok (except for the changes I made myself).  I sent it 
> myself, from another system.
> My question is about that IP address.  That header was generated 
> by my computer.  The address agrees with the one in the log 
> file (/var/log/exim/mainlog).  The name does, too.
> I would like to believe that is the real address it came from.
> How reliable is it really?  How easy is it to spoof?
> -- 
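Added example, not part of the thread: a small Python walk over a Received chain like the one quoted above, applying the two points made in the reply. Only the hop stamped by your own MTA (here assumed to be my.computer.net) carries an IP you can rely on, since it came from the TCP connection; the name after "from" is whatever the client claimed, so it is compared against reverse DNS (a constructed offline lookup stands in for socket.gethostbyaddr). The header text and the 192.0.2.10 address are constructed to mirror the quoted message.

```python
import re

# Constructed sample mirroring the thread's two hops; 192.0.2.10 (RFC 5737) stands in for the removed IP.
SAMPLE_HEADERS = """\
Received: from foo.bar.edu ([192.0.2.10])
\tby my.computer.net with esmtp (Exim 3.35 #1 (Debian))
\tid 195LgM-0001Yv-00
\tfor <me@my.computer.net>; Tue, 15 Apr 2003 02:20:46 -0600
Received: (from davialbe@localhost)
\tby foo.bar.edu (8.11.6/8.11.6) id h3F8Lu930444
\tfor me@my.computer.net; Tue, 15 Apr 2003 02:21:56 -0600
"""

def unfold_received(raw):
    """Received header values, most recent (top) first, continuation lines joined."""
    values = []
    for line in raw.splitlines():
        if line[:1] in " \t" and values:
            values[-1] += " " + line.strip()
        elif line.lower().startswith("received:"):
            values.append(line[len("received:"):].strip())
    return values

def parse_hop(value):
    """Client-asserted name, socket IP (in brackets) and the host that stamped the hop."""
    helo = re.search(r"from\s+([^\s()]+)", value)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value)
    by = re.search(r"\bby\s+([^\s(]+)", value)
    return {"helo": helo and helo.group(1), "ip": ip and ip.group(1), "by": by and by.group(1)}

def assess_chain(raw, my_hosts, reverse_lookup):
    """Walk top-down: a hop is trustworthy only while my own MTA stamped it. Its IP came
    from the TCP socket, but its 'from' name is what the client claimed, so check rDNS."""
    hops = [parse_hop(v) for v in unfold_received(raw)]
    report, trusted = [], True
    for i, hop in enumerate(hops):
        if trusted and hop["by"] in my_hosts:
            rdns = reverse_lookup(hop["ip"]) if hop["ip"] else None
            verdict = ("trusted ip; helo matches rdns" if rdns == hop["helo"]
                       else "trusted ip; helo unverified (rdns=%s)" % rdns)
        else:
            trusted = False  # everything below was written by a host I do not control
            verdict = "untrusted hop"
        if i + 1 < len(hops) and hops[i + 1]["by"] != hop["helo"]:
            verdict += "; gap: next hop was not stamped by %s" % hop["helo"]
        report.append((hop["by"], hop["ip"], hop["helo"], verdict))
    return report

# Offline stand-in for reverse DNS, constructed here; live code would use socket.gethostbyaddr(ip)[0].
FAKE_RDNS = {"192.0.2.10": "foo.bar.edu"}.get
```

Calling assess_chain(SAMPLE_HEADERS, {"my.computer.net"}, FAKE_RDNS) yields one trusted row for the hop your own Exim wrote and one untrusted row for the line foo.bar.edu claims to have added; the gap check flags the case the reply raises, where the next hop was stamped by a host other than the one the previous hop names.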
