[forwarded mail -- Wietse]

On Thu, May 09, 2002 at 01:23:03PM -0500, Vernon A. Fort wrote:
> I'm sending this to both group in hope to be enlightened!!!!!

> What am I looking at or missing. Is it possible to spoof the From email address? I am completey baffeled by this....any suggestions would be GREATLY appreciated!!!!!

Sorry to tell you, but you can spoof *everything* in a Mail
(sometimes, but least probable even the IP of the sending host).
The SMTP-Protocol(==*SIMPLE*-Mail-Transfer-Protocol) does not
check anything, it just believes the client, whatever it sends.

And according to the NAI-Virusinfos the new Klez.h Variant does
exactly this. It combines random addesses out of the PCs Lists
so you get two different addresses (Envelop+To:...) per Mail
and each Mail may be different.

We just now think about switching off the warnings, because of
this. The warnings *now* mostly go to clueles third parties
and the 'owner' of the virus cannot be found anyway.

Stucki (who had the same problem yesterday :-)

----- End forwarded message -----

-- 
Christoph von Stuckrad     * * |nickname |<stuckimath.fu-berlin.de>\
Freie Universitaet Berlin  |/_*|'stucki' |Tel(days):+49 30 838-75 459|
Fachbereich Mathematik, EDV|\ *|if online|Tel(else):+49 30 77 39 6600|
Arnimallee 2-6/14195 Berlin* * |on IRCnet|Fax(alle):+49 30 838-75454/
----- End of forwarded message from Chr. v. Stuckrad -----
-
To unsubscribe, send mail to majordomopostfix.org with content
(not subject): unsubscribe postfix-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]