In summary, TCP packets can be forged, TCP connections can be spoofed and/or intercepted, SMTP sender addresses can be spoofed, Sendmail "received" headers can be spoofed, and remote systems can be taken over by malicious software or people. SMTP relays can be used to disguise the source of messages, or can be used to generate fake messages. Web applications can be abused to generate fake messages. Viruses can generate just about all of these.
I know all of that, I was just thinking that "Received:" header lines are not as generally spoofed as "from:" header lines. And I really think that's the case when I look at the behaviour of viruses which are in the wild.
So I think that alerting an ISP that one IP of its domain is infected is not a complete waste of time.
In fact my script permits me to do it once a week and it takes only 5 minutes.
But I have to redo it because the base information I was using is wrong (MDLOG entries).
Even for stats reasons MDLOG entries cannot be trusted!
So I have to redo mimedefang-filter to incorporate the received: lines...
Jerome.
_______________________________________________
Visit http://www.mimedefang.org and http://www.canit.ca
MIMEDefang mailing list
[EMAIL PROTECTED]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

