on 27/12/01 1:07 pm, Sysop at [EMAIL PROTECTED] wrote:

Actually I don't think they did. Actually I think I am an idiot and did not
appreciate exactly how smtp works. I realised this by looking at the message
headers for a couple of messages received from this mailing list and noticing
that the To: field doesn't have my email address in there, but the destination
was already negotiated by the smtp HELO handshake.

Egg on my face

--
Tim Hosking
Omelette anyone?

> They buried the REAL destination in the headers, and spoofed the "To"
> field it looks like.
>
> Tim Hosking wrote:
>
>> on 27/12/01 12:39 pm, Sysop at [EMAIL PROTECTED] wrote:
>>
>> Look at the TO: field in the header. That address has nothing to do with my
>> server. I do not host homelenders.com and I have no user called loanrep. I
>> do not accept mail addressed to non-existent users.
>>
>>> How did you expect it NOT to get delivered? Everything looks cool, do
>>> you not accept email from an unknown user or something? You can add
>>> that persons domain into your bofh file, or just that account, but I
>>> fail to see how you expect it NOT to get delivered.
>>>
>>> Tim Hosking wrote:
>>>
>>>> Hi.
>>>>
>>>> I just received a spam email from homelenders.com. Here are the headers:
>>>>
>>>> Delivered-To: [EMAIL PROTECTED]
>>>> Return-Path: <[EMAIL PROTECTED]>
>>>> Received: from smtp1.vol.cz (smtp1.vol.cz [195.250.128.73])
>>>> (TLS: TLSv1/SSLv3,168bits,DES-CBC3-SHA)
>>>> by OldPeculier with esmtp; Wed, 26 Dec 2001 22:32:11 -0500
>>>> Received: from smtp2.vol.cz (smtp2.vol.cz [195.250.128.42])
>>>> by smtp1.vol.cz (8.11.6/8.11.3) with ESMTP id fBR3cjB89493;
>>>> Thu, 27 Dec 2001 04:38:45 +0100 (CET)
>>>> (envelope-from [EMAIL PROTECTED])
>>>> Received: from homelenders.com (datelb-1-2-18.dialup.vol.cz
>>>> [212.20.100.20])
>>>> by smtp2.vol.cz (8.11.3/8.11.3) with SMTP id fBR3bkw12060;
>>>> Thu, 27 Dec 2001 04:37:51 +0100 (CET)
>>>> (envelope-from [EMAIL PROTECTED])
>>>> Date: Thu, 27 Dec 2001 04:37:51 +0100 (CET)
>>>> Message-Id: <[EMAIL PROTECTED]>
>>>> Mime-Version: 1.0
>>>> Content-Type: text/html; charset=us-ascii
>>>> Content-Transfer-Encoding: 7bit
>>>> From: [EMAIL PROTECTED]
>>>> Reply-To: [EMAIL PROTECTED]
>>>> To: [EMAIL PROTECTED]
>>>> Subject: hassle-free home loans
>>>>
>>>> And here are the related lines from my maillog (sorry about the wrapping):
>>>>
>>>> Dec 26 22:32:09 OldPeculier courieresmtpd: started,ip=[195.250.128.73]
>>>> Dec 26 22:32:14 OldPeculier courierd: newmsg,id=0000AD58.3C2A963C.00001851
>>>> Dec 26 22:32:14 OldPeculier courierd:
>>>> started,id=0000AD58.3C2A963C.00001851,from=<[EMAIL PROTECTED]>,module>
>>> =
>>>> local,host=tim!!20008!20008!/home/tim!!,addr=<tim>
>>>> Dec 26 22:32:14 OldPeculier courierd: Waiting. shutdown time=none, wakeup
>>>> time=none, queuedelivering=1, inprogress=1
>>>> Dec 26 22:32:14 OldPeculier courierlocal:
>>>> id=0000AD58.3C2A963C.00001851,from=<[EMAIL PROTECTED]>,addr=<tim@trho>
>>> s
>>>> king.com>,size=16516,success: Message delivered.
>>>> Dec 26 22:32:15 OldPeculier courierd:
>>>> completed,id=0000AD58.3C2A963C.00001851
>>>> Dec 26 22:32:15 OldPeculier courierd: Waiting. shutdown time=Wed Dec 26
>>>> 23:18:21 2001, wakeup time=Wed Dec 26 23:18:21 2001, queuedelivering=0,
>>>> inprogress=0
>>>>
>>>> How on earth did this message get accepted and delivered to a local
>>>> account?
>>>> I am running courier-0.36.1.

--
Tim Hosking

I know it hurts. Maybe not as much as jumping on a bicycle without a seat,
but it hurts.
- Lt. Frank Drebin, The Naked Gun
