
Re: a question on email headers



Derrick dman Hudson said:

> Trivial.  (except, as someone else said, for the last Received: header
> which is added by your own machine.  No one else has control over how your
> machine reports info)

Just a minor point, but it came to mind so I might as well mention it..

The last Received: header can be incorrect (it may be difficult to spoof,
but it may not be accurate).

First situation: a few years ago I was having trouble with port forwarding
on one of my firewalls for SMTP, so I reverted to rinetd instead (a lovely
app, though I've only ever seen it on Debian). For SMTP, the mail server
recorded every inbound message as coming from the firewall rather than
the remote system, I guess due to how rinetd forwards. I like rinetd because
it can do some unique things like route incoming traffic to a remote host
(e.g. on a remote network), whereas at least with ipchains, in my experience,
port forwarding only works to the local network.

Second situation: a couple of months ago one of my friends contacted me and said
his ISP said he was an open relay.. After much investigation it turned out
his router had buggy NAT code and all inbound connections were showing up
as coming from his router instead of the remote system. He had his "real"
IP in sendmail's list of hosts allowed to relay, so it was effectively an open relay;
since he didn't need this IP in there we took it out and that fixed the
immediate problem. Shortly after, he dumped that router and went with a
Cisco 1800 instead. This buggy NAT code at first only appeared to affect
the SMTP service, but while investigating the problem we found it affected
all port forwarded services. Rebooting the router solved the NAT problem
for up to 10 minutes, then the problem started showing again. He didn't
want to reboot his router 500 times a day, so he switched. Here's a small
thread I started on vuln-dev about this router:

http://www.securityfocus.com/archive/82/301423

nate