procmail

Re: Forged headers detection

2003-01-08 12:53:19
On Wed, 08 Jan 2003 10:23:31 -0800
PSE-L(_at_)mail(_dot_)professional(_dot_)org (Professional Software 
Engineering) wrote:

At 11:14 2003-01-08 -0500, Jefferis Peterson did say:
I presume the following has a forged header, but I'm trying to
determine the logic of it so that I can visually detect them.

Received: (qmail 16498 invoked from network); 7 Jan 2003 10:50:02 -0000
Received: from unknown (HELO 218.252.28.15) (64.59.34.99)
    by foma.pair.com with SMTP; 7 Jan 2003 10:50:02 -0000
Received: from unknown (170.127.231.172) by smtp013.mail.yahoo.com
    with local; Jan, 07 2003 2:51:34 AM +0400
Received: from unknown (77.222.200.106) by rly-xw01.mx.aol.com
    with SMTP; Jan, 07 2003 1:52:32 AM +0300
Received: from [203.186.145.225] by hotmail.com (3.2) with ESMTP
    id MHotMailBE7297E1009B400437E7CBBA91E10D0B0; Jan, 07 2003 12:55:41 AM +0700

Assuming they were valid timestamps, the mail originated at 5:55pm GMT
on 06 JAN, then passed to "aol" at 10:52pm, then along to "yahoo"
almost immediately, but then arrived at pair.com *12* hours later?


Time to travel via yahoo/hotmail/msn servers can't be relied on. I've
seen VALID messages that originated, or passed through, these
companies' servers not actually be delivered for 24+ hours.

And outbound mail from AOL servers frequently bounces (back to the AOL
user) on the first attempt because the scanning/censoring proxy servers
they use are DNS dumb. They take too long to update their internal
tables after requesting an address from the root servers. I work for a
small ISP and a frequent customer question is "Why do my friends on AOL
get messages back they try to send to me with 'unknown host' errors?".

<sigh>

G

-- 
Configure your Email to send TEXT ONLY -- See the following page:
http://expita.com/nomime.html

gvl2 (Gerald)
AirBall the Rolling Basket Case (1969 Standard Beetle)
LifeSaver (1974 Bay Window Bus)
http://www.phorce1.com
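
The GMT arithmetic discussed in the message above, as an added example that is not part of the original thread: it converts each Received: date stamp quoted there to UTC, computes the delay between consecutive hops, and records whether the stamp uses the RFC 2822 "day month year" layout. The names HOPS, FORMATS, parse_stamp and hop_report are made up for this illustration.

```python
from datetime import datetime, timezone

# Date stamps copied from the Received: lines quoted in this message,
# in header order (newest hop first).
HOPS = [
    ("foma.pair.com", "7 Jan 2003 10:50:02 -0000"),
    ("smtp013.mail.yahoo.com", "Jan, 07 2003 2:51:34 AM +0400"),
    ("rly-xw01.mx.aol.com", "Jan, 07 2003 1:52:32 AM +0300"),
    ("hotmail.com", "Jan, 07 2003 12:55:41 AM +0700"),
]

# (strptime format, does it match the RFC 2822 "day month year time zone" layout?)
FORMATS = [
    ("%d %b %Y %H:%M:%S %z", True),
    ("%b, %d %Y %I:%M:%S %p %z", False),  # the 12-hour layout seen above
]

def parse_stamp(stamp):
    """Return (UTC datetime, rfc_layout) for one Received: date stamp."""
    for fmt, rfc_layout in FORMATS:
        try:
            local = datetime.strptime(stamp, fmt)
        except ValueError:
            continue
        return local.astimezone(timezone.utc), rfc_layout
    raise ValueError(f"unrecognised date stamp: {stamp!r}")

def hop_report(hops=HOPS):
    """Walk the hops oldest first; report UTC time and delay per hop."""
    report, previous = [], None
    for host, stamp in reversed(hops):
        when, rfc_layout = parse_stamp(stamp)
        # Delay in seconds since the previous hop; negative means this
        # hop's clock reads earlier than the hop that handed it the mail.
        delay = None if previous is None else int((when - previous).total_seconds())
        report.append((host, when, delay, rfc_layout))
        previous = when
    return report

if __name__ == "__main__":
    for host, when, delay, rfc_layout in hop_report():
        print(f"{when:%Y-%m-%d %H:%M:%S} UTC  {host:<24} "
              f"delay={delay}s  rfc_layout={rfc_layout}")
```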
