On Sat, Feb 06, 1999 at 09:19:42PM +0500, Omer Ansari wrote:
> Hi, this query may not be directly regarding qmail, but it addresses
> e-mail issues nevertheless...
>
> I got a spam mail from someone. Out of curiousity i checked the headers
> of the mail and this is what i got:
>
> ......
> Received:
> from pomcm009106.netvigator.com by mail.scmp.com with
> SMTP
> (Microsoft Exchange Internet Mail Service Version
> 5.0.1460.8) id
> 12HY8YTS; Sat, 6 Feb 1999 01:51:59 +0800
> Received:
> from nosc.cjkmh.mhul.com [21.22.23.24] by smart.com.uk
>
> (FTGate 2, 1, 1, 0); Fri, 05 Feb 99 20:07:53 +0800
> .......
>
> note the IP: 21.23.24.24 is obviously not the correct IP and the host
> name has also been faked...smart.com.uk doesn't/cannot exist.
>
> My question is, how can you fake a mailserver with such information?
You can add any arbitrary headers you like to a mail message. Just prepare a
message with a bunch of fake headers, and send it on its way.
For example:
[cjohnson@mail cjohnson]$ /var/qmail/bin/qmail-inject
Received: from somejackass.com (1.2.3.4.5.6) by openrelay.com (10.4.2.lmnop.4) with
ZMTP
Message-ID: <12345.54321>
Date: Tuesday
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Check these headers!
Hiya!
^D
[cjohnson@mail cjohnson]$
Run that, and you'll find yourself with a message in your inbox with a forged
Received line.
Chris
