
Re: I LOVE DEBIAN!



Johannes Wiedersich wrote:
> Rolando Pereira wrote:
> > (And if he had nothing to do, how come my email went to his mailbox
> > directly?)
> 
> ... because someone sent an email with his forged from-address:

Yes it was forged.  No one was more surprised than myself to see that
message show up on the mailing list!  (Go away for a few days and
everything falls apart.  :-) For the record I did not originate it.
It is strange that someone would take the time to craft an individual
one such as this.

This is not the first time I have been a victim of a "joe-job" but it
has been a while.  I guess it is time to return to sending signed
emails again.  Apologies in advance to those who dislike those but it
is the only way to be sure of the author.

> An apparently legitimate mail contains
> Received: by dementia.proulx.com (Postfix, from userid 1000)

Usually yes since that is my desktop.  But that is not strictly
required and when traveling I may use my laptop.  But regardless of
the machine I used to compose the message upon I will be sending my
email through my site's mail relay hub and the following header would
always appear.

  Received: from joseki.proulx.com (joseki.proulx.com [216.17.153.58])
        by murphy.debian.org (Postfix) with ESMTP id 235FD2DE1F
        for <debian-user@lists.debian.org>; Mon, 20 Aug 2007 05:11:05 +0000 (UTC)

Presumably we can trust murphy.debian.org sufficiently to believe the
header that it places in the message saying hostname and IP of where
it received the email.  If the header path from there to your mailbox
is continuous and trustworthy then you can believe where the email was
injected into the mailing list based upon that header.  In my case
messages that do not come through my domain are definitely suspect.

I publish SPF records to help curb some types of forgeries.  SPF is not
perfect but it does do a good job of defining where legitimate email
from a domain can appear.  (Please, no discussion in this thread about
the merits or lack thereof of SPF.)  The actual record is a little
more complicated than this (I also publish an "exists" test too) but
in simple form it looks like this:

  proulx.com "a -all"

Decoding this says that email from the IP address of proulx.com is
okay because it matches the "a" record.  Mail from other IP addresses
can be rejected.  The IP address for proulx.com from DNS will be
updated if this address changes.

> PS: Thanks for spotting this, Florian!

Thanks Florian for spotting this and calling it out!  Also thanks
Johannes for the email header check.  I appreciate you guys looking
out for me!

Bob
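The two checks described in the message above (find the Received header stamped by a trusted relay to see where the mail entered the list, then ask whether that IP is allowed by the sender domain's SPF "a -all" policy) as a small added example script. This is example code written for this page, not Bob's or Debian's own tooling. It reuses the header quoted in the post for the legitimate message; the forged message, the queue id CONSTRUCTED0, the 192.0.2.77 address, and the FAKE_DNS table (including the A record for proulx.com) are constructed stand-ins for real DNS lookups. It also uses the From: domain as the SPF domain for simplicity, whereas real SPF evaluates the envelope MAIL FROM and HELO identities.

```python
import re

# Constructed sample messages. The first reuses the Received header quoted
# in the post (relay joseki.proulx.com, 216.17.153.58, stamped by
# murphy.debian.org). The second is a constructed forgery with the same
# From: line but injected into murphy.debian.org from an unrelated host in
# the 192.0.2.0/24 documentation range, with a made-up queue id.
LEGIT_MESSAGE = """\
Received: from joseki.proulx.com (joseki.proulx.com [216.17.153.58])
        by murphy.debian.org (Postfix) with ESMTP id 235FD2DE1F
        for <debian-user@lists.debian.org>; Mon, 20 Aug 2007 05:11:05 +0000 (UTC)
Received: by dementia.proulx.com (Postfix, from userid 1000)
From: Bob Proulx <bob@proulx.com>
Subject: Re: I LOVE DEBIAN!
"""

FORGED_MESSAGE = """\
Received: from mail.example.net (unknown [192.0.2.77])
        by murphy.debian.org (Postfix) with ESMTP id CONSTRUCTED0
        for <debian-user@lists.debian.org>; Mon, 20 Aug 2007 04:58:12 +0000 (UTC)
From: Bob Proulx <bob@proulx.com>
Subject: I LOVE DEBIAN!
"""

# Constructed stand-in for DNS (assumption: proulx.com's A record is the
# relay address from the quoted header). Real code would query DNS here.
FAKE_DNS = {
    "proulx.com": {"A": ["216.17.153.58"], "TXT": ["v=spf1 a -all"]},
}

# Matches the Postfix-style "from HELO (rdns [ip]) by HOST" clause.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\[\]]*?)\s*\[(?P<ip>[\d.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)


def unfold_headers(raw):
    """Join RFC 5322 folded continuation lines; return (name, value) pairs."""
    fields = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and fields:
            name, value = fields[-1]
            fields[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, _, value = line.partition(":")
            fields.append((name.strip().lower(), value.strip()))
    return fields


def injection_point(raw, trusted_mta):
    """Return (client_host, client_ip) from the Received header that the
    trusted MTA stamped, i.e. where the mail entered the trusted path.
    Received headers below that one were supplied by the sender and can be
    forged, so they are deliberately ignored."""
    for name, value in unfold_headers(raw):
        if name != "received":
            continue
        m = RECEIVED_RE.search(value)
        if m and m.group("by").lower() == trusted_mta:
            return m.group("helo"), m.group("ip")
    return None


def spf_check(domain, client_ip, dns):
    """Minimal evaluation of a 'v=spf1 a -all' policy against client_ip.
    Only the 'a' mechanism and the '-all' default are implemented."""
    record = dns.get(domain, {})
    txt = [t for t in record.get("TXT", []) if t.startswith("v=spf1")]
    if not txt:
        return "none"
    for term in txt[0].split()[1:]:
        if term == "a" and client_ip in record.get("A", []):
            return "pass"
        if term == "-all":
            return "fail"
    return "neutral"


def sender_domain(raw):
    """Domain of the From: header (simplification; SPF uses MAIL FROM/HELO)."""
    for name, value in unfold_headers(raw):
        if name == "from":
            m = re.search(r"@([\w.-]+)", value)
            if m:
                return m.group(1).lower()
    return None


def check_message(raw, trusted_mta="murphy.debian.org", dns=FAKE_DNS):
    """Combine both checks: locate where the trusted relay received the
    message, then test that IP against the sender domain's SPF policy."""
    entry = injection_point(raw, trusted_mta)
    domain = sender_domain(raw)
    if entry is None or domain is None:
        return {"verdict": "unknown", "entry": entry, "domain": domain}
    host, ip = entry
    return {"verdict": spf_check(domain, ip, dns), "entry": (host, ip),
            "domain": domain}


if __name__ == "__main__":
    for label, msg in (("legit", LEGIT_MESSAGE), ("forged", FORGED_MESSAGE)):
        print(label, check_message(msg))
```

The key design point is the one the post makes: only the Received header added by a relay you trust is evidence, so the script walks the headers from the top and stops at the first one stamped by that relay, never trusting anything the sending side wrote below it.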
