Hi tbac(_at_)mail(_dot_)idt(_dot_)net! I'm a programmer and I want to do dumb
things!
From tbac(_at_)mail(_dot_)idt(_dot_)net Wed Dec 25 15:57:35 1996
Received: from mail.ot.com (localhost [127.0.0.1]) by dmuth.ppp.ot.net
(8.6.11/8.6.9) with SMTP id PAA00729 for <doug>; Wed, 25 Dec 1996 15:57:29
-0500
Received: from Campino.Informatik.RWTH-Aachen.DE
(campino.Informatik.RWTH-Aachen.DE [137.226.116.240]) by oasis.ot.com
(8.7.6/8.7.3) with ESMTP id CAA03944 for <dmuth(_at_)ot(_dot_)com>; Wed, 25
Dec 1996 02:16:37 -0500 (EST)
Received: (from lists(_at_)localhost) by Campino.Informatik.RWTH-Aachen.DE
(RBI-Z-5/8.6.12) id IAA17152; Wed, 25 Dec 1996 08:16:01 +0100 (MET)
I have a mailing list set up and it checks the "from field"
to see if the person is authorized to use the list.
The problem is that if you know the email address
of any authorized person, and change your from field
on your mailer to their address, the mail will go through the system.
Is there a way to test some other field? Like a verified sender or
something.
[snip]
Well, changing the From: header is the most trivial form of forgery.
However, the "From" header (as opposed to "From:") that is inserted by
your MTA and appears on the first line of a message is a bit harder to forge.
Example:
From tbac(_at_)mail(_dot_)idt(_dot_)net Wed Dec 25 15:57:35 1996
So you could check your users against that line. The only thing
is that this may be different from their "usual" address, and if you run
UNIX like me and don't have static IP, your system is usually named
something which is non-existent, and could be changed easily.
Received: from mail.ot.com (localhost [127.0.0.1]) by dmuth.ppp.ot.net
(8.6.11/8.6.9) with SMTP id PAA00729 for <doug>; Wed, 25 Dec 1996
15:57:29 -0500
Received: from Campino.Informatik.RWTH-Aachen.DE
(campino.Informatik.RWTH-Aachen.DE [137.226.116.240]) by oasis.ot.com
(8.7.6/8.7.3) with ESMTP id CAA03944 for
<dmuth(_at_)ot(_dot_)com>; Wed, 25 Dec 1996 02:16:37 -0500 (EST)
Received: (from lists(_at_)localhost) by Campino.Informatik.RWTH-Aachen.DE
(RBI-Z-5/8.6.12) id IAA17152; Wed, 25 Dec 1996 08:16:01 +0100 (MET)
Here are the Received: headers from your message, which are
considerably harder to forge as every MTA along the way adds a header.
You could develop a recipe based on this information. However, if the
user's ISP changes their setup, the Received: headers may change.
Yet another alternative would be to pipe the message through PGP
and act on the exit code. In this case, you would need public keys of
every user on your mailing list kept in a separate keyring file. PGP
would worry about the matching of the signed plaintext to the proper
key. Of course, this method requires that every user on your list use PGP.
Have phun!
--
<Doug Muth>--<dmuth(_at_)ot(_dot_)com> - Spam me and die!
Think your homepage sucks? You haven't seen http://www.ot.com/~dmuth yet!!
Anti-virus software and utils: | The Transformers fanfiction:|"Est Sularus|
http://www.ot.com/~dmuth/virus | http://www.ot.com/~dmuth/tf |oth Mithas!"|
-=-=-=-=Send a blank e-mail to dmuth+help(_at_)ot(_dot_)com for PGP key,
etc.-=-=-=-=-
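As an added illustration of the three header checks discussed in the reply above (the forgeable From: header, the envelope "From " line, and the outermost Received: hop), here is a small parser that runs all three against a message; this is not code from the thread, and the sample message, addresses and relay name are constructed.

```python
import re

# Constructed sample modelled on the headers quoted in the thread
# (addresses and hosts altered; not the original message).
SAMPLE = """From alice@example.net Wed Dec 25 15:57:35 1996
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby lists.example.org (8.7.6/8.7.3) with ESMTP id CAA03944;
\tWed, 25 Dec 1996 02:16:37 -0500 (EST)
From: alice@example.net
Subject: test

hello
"""

AUTHORIZED = {"alice@example.net"}
# Hypothetical relay the subscriber's ISP is expected to send through.
EXPECTED_FIRST_HOP = "relay.example.net"

def parse(raw):
    """Split an mbox-style message into envelope 'From ' sender and headers."""
    lines = raw.splitlines()
    envelope = None
    if lines and lines[0].startswith("From "):
        envelope = lines[0].split()[1]
        lines = lines[1:]
    headers = []
    for line in lines:
        if line == "":
            break                       # blank line ends the header block
        if line[:1] in " \t" and headers:
            # RFC 822 folded continuation line: glue onto previous header
            headers[-1] = (headers[-1][0], headers[-1][1] + " " + line.strip())
        else:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
    return envelope, headers

def check_sender(raw):
    """Return (from_header_ok, envelope_ok, first_hop_ok) for one message."""
    envelope, headers = parse(raw)
    from_hdr = next((v for n, v in headers if n == "from"), "")
    m = re.search(r"[\w.+-]+@[\w.-]+", from_hdr)
    from_addr = m.group(0).lower() if m else ""
    received = [v for n, v in headers if n == "received"]
    # Received: headers are prepended, so the last one is nearest the sender.
    first_hop = received[-1] if received else ""
    hop = re.match(r"from\s+(\S+)", first_hop)
    return (
        from_addr in AUTHORIZED,
        (envelope or "").lower() in AUTHORIZED,
        bool(hop) and hop.group(1).lower() == EXPECTED_FIRST_HOP,
    )
```

A message with a matching From: header but a different envelope sender or an unexpected first hop fails the second and third checks even though the first passes, which is the gap the reply points out.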