At 03:26 2001-07-20 -0700, Andrew Edelstein wrote:
Yeah yeah, technically correct. I assumed that was a given. My point still
stands: you can't spoof the auto-responder into replying to an address other
than the address to which it thinks it's replying; ie: you can't forge the
headers in such a way that, if it thinks it's sending mail to
address(_at_)geol(_dot_)ucsb(_dot_)edu, the mail is actually going to somewhere
else.
Wrong. Although anti-relaying rules in most MTAs should probably block
this (and many of the clumsy MTAs out there probably never grasped it to
begin with), it is valid syntax as per RFC 821, Section 3.6:
@geol.ucsb.edu:user(_at_)someplaceelse(_dot_)com
The message would be delivered to the geol.ucsb.edu MX which (if it
supported the syntax) would parse the address and realize that it needed to
be passed along to another server, and would pass it along to
someplaceelse.com. A regexp such as:
^From:(_dot_)*(_at_)geol(_dot_)ucsb(_dot_)edu
Which is a fairly common regexp form, would fail to catch this relay
syntax, having satisfied itself that the host in question was specified.
This is totally separate from which header the reply address is gleaned
from - it applies equally to the Reply-To, etc.
Of course, this encoding is largely unsupported these days (DNS MX records
obliviate the need for it), but it is still supported by some MTAs here and
there. Perhaps the one in this case...
I just checked, and my own mail servers appear to support the syntax (in
fact, the message was sent from another domain entirely, and arrived at my
SMTP to be declined there). Fortunatley (because this technique used to be
in favour amongst spammers), my server properly declines to relay:
(reason: 550 5.7.1
<@somehost.myndomain.tld:validaddress(_at_)elsewhere(_dot_)tld>... Relaying denied)
Want to not rely on an old feature in the mail specification? Okay, simply
create a host on your own net:
geol.ucsb.edu.mydomain.tld
(which doesn't have to have an A record, just an MX, which would point to a
server configured to accept mail for this host). The above regexp would
fail to notice that this is a host on a different domain, and would happily
send it's reply to it.
How's them apples?
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail