Re: Faked From-Adress with my domain on them

From: Ken Raeburn (raeburn_at_raeburn.org)
Date: 09/04/03

    To: debian-user@lists.debian.org
    Date: Thu, 04 Sep 2003 15:46:33 -0400
    
    

    Paul Johnson <baloo@ursine.ca> writes:

    > On Fri, Aug 29, 2003 at 01:04:51AM +0100, Pigeon wrote:
    >> Eh? I meant he's sending everything _from_ himself@localhost... sure,
    >> if he was sending to himself@localhost we wouldn't be having this
    >> discussion :-)
    >
    > OK, but I'm not entirely convinced he's sending a host, which is why
    > everybody's local mail server is adding in the host part.

    I've seen some hints of "@localhost" in the email I got. I sent email
    to Kevin about two weeks ago asking him to fix it. Since it hasn't
    been fixed yet, and he never answered, I just assumed he didn't care.

    I don't know about standard exim configurations, but my sendmail
    configuration (on a NetBSD box, built using the standard macros) does
    look for "@localhost" and converts it. So I think it's a standard
    part of the sendmail config.

    I think it's a misconfiguration problem in multiple places.

     * Kevin's mail software (Ximian Evolution, talking directly to his
       ISP? if there's a local MTA it's not in the Received headers)
       shouldn't be sending out such headers.

     * His ISP's software (Exim) could be more intelligent about detecting
       misconfigured clients. Since it's an ISP, and they probably don't
       care much about a pesky little thing like this, the easiest
       approach might be to get a fix in upstream so they'll get it next
       time they update their software.

     * One could make an argument that Debian's mailer or list processor
       should require valid addresses, but that might be a tough argument
       to sell, especially for lists where one might turn for help in
       fixing just this problem. Perhaps messages could be bounced with
       an error message including a URL with advice?

       In some lists, support for anonymity is important. So bouncing
       invalid addresses in general probably isn't right. (Maybe for
       Debian lists it doesn't matter except as a spam defense, but
       changing the list software in general wouldn't be right for these
       other lists.) But what about just bouncing from/sender/reply-to
       fields with @localhost, or with any unqualified hostname?

     * Our receiving mailers (mine's Sendmail) probably shouldn't be doing
       that transformation for mail coming from off the local machine.
       Perhaps sticking in "@INVALID" or "@NOFQDN" would be better.

    Given the wide variety of mail configurations out there, would it be
    at all practical to make the popular Debian mailers difficult to
    configure to send email without FQDNs in the headers to internet hosts
    at large, while still presumably allowing smarthost forwarding with
    unqualified names? Not impossible, if someone really insists on it
    and knows why it's the wrong thing to do; just difficult. I suspect
    Kevin wasn't intentionally trolling for accusations of email forgery
    when he set up his mail client.

    Given that my mail server is an old NetBSD box, and I don't use Exim
    or Evolution, I'm probably not the best person to submit bug reports
    or enhancement requests against these programs asking for such
    changes, 'cuz I can't verify all of them in a Debian mail system or
    verify when they've been fixed. But if someone else wants to, feel
    free....

    Ken
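The check proposed in the message above (bounce only when From/Sender/Reply-To carries `@localhost` or an unqualified hostname, with an error that links to advice), sketched as an added example; it is not code from the post or from any Debian list software. The advice URL, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

CHECKED_HEADERS = ("From", "Sender", "Reply-To")
LOCAL_NAMES = {"localhost", "localhost.localdomain"}
ADVICE_URL = "https://lists.example.org/fqdn-help"  # placeholder, not a real page

# Constructed sample messages (not taken from the thread).
SAMPLE_BAD = ("From: Kevin <kevin@localhost>\n"
              "Reply-To: kevin@desktop\n"
              "To: debian-user@lists.debian.org\n"
              "Subject: test\n\nbody\n")
SAMPLE_OK = ("From: Someone <someone@mail.example.org>\n"
             "To: debian-user@lists.debian.org\n"
             "Subject: test\n\nbody\n")

def domain_problem(addr):
    """Return why addr lacks a usable FQDN, or None if it looks qualified."""
    _local, sep, domain = addr.rpartition("@")
    if not sep or not domain:
        return "no domain part"
    domain = domain.rstrip(".").lower()
    if domain.startswith("[") and domain.endswith("]"):
        return None  # address literal such as [192.0.2.1]; out of scope here
    if domain in LOCAL_NAMES:
        return "localhost is not routable"
    if "." not in domain:
        return "unqualified hostname"
    return None

def check_message(raw):
    """List (header, address, reason) for each bad originator address."""
    msg = message_from_string(raw)
    findings = []
    for header in CHECKED_HEADERS:
        for _name, addr in getaddresses(msg.get_all(header, [])):
            reason = domain_problem(addr) if addr else None
            if reason:
                findings.append((header, addr, reason))
    return findings

def bounce_text(findings):
    """Build the rejection notice, or None when the message is acceptable."""
    if not findings:
        return None
    lines = [f"{h}: {a} ({why})" for h, a, why in findings]
    return ("Message rejected: originator address is not fully qualified.\n"
            + "\n".join(lines) + f"\nSee {ADVICE_URL} for how to fix this.")

if __name__ == "__main__":
    print(bounce_text(check_message(SAMPLE_BAD)))
```

Only the three originator headers are examined and addresses that are merely undeliverable are not rejected, which keeps the check narrower than requiring valid addresses in general.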
