procmail
[Top] [All Lists]

Re: junk email header

1998-01-16 14:11:19
On Fri, 16 Jan 1998 10:33:40 -0800, PSE-L(_at_)mail(_dot_)professional(_dot_)org
(Professional Software Engineering) wrote:
At 12:41 PM 1/16/98 -0500, Dmitry Yaitskov wrote:
On Friday, Jan 16, era eriksson (era(_at_)iki(_dot_)fi) spake thusly:
Received: From sony300 by ibm266;Fri, 16 Jan 1998 6:2:31 -400 (EDT)
I throw away stuff that has Received: lines beneath From:. 
I do not understand this one, could you please explain?
The recieved lines are inserted at the top of the message (the bottommost
is supposed to be the insertion, and the toppmost is where it arrived at
your mail system right before your mailer got it).  Since the ORIGINAL
message is posted in, and THEN the SMTP server adds the initial recieved
line *ABOVE* the message, there shouldn't be received lines interspersed
with the other headers.

This is basically it, yes. However, for completeness' sake, it should
be stated that this can also happen if a message gets injected with
some compulsory header missing. Say you inject a message which lacks a
"From:" -- something that, fortunately, is very unlikely to happen
unless the sender is mucking around with the headers severely, which
is usually as good a mark of forgery as anything. What is very likely
to happen en route is that the message passes a Sendmail system, which
will "helpfully" fill in a new From: header with the envelope sender's
address. Similarly, if a message lacks a Message-Id, it will often get
added somewhere along the way. As spam usually travels over one or
more relays, this is likely to happen even if your local system isn't
running Sendmail (but in which case you should also be looking for
messages which lack one of the obligatory headers and, if you're like
me, assume they're spam).

/* era */

-- 
 Paparazzi of the Net: No matter what you do to protect your privacy,
  they'll hunt you down and spam you. <http://www.iki.fi/~era/spam/>

<Prev in Thread] Current Thread [Next in Thread>