Yes, Charles, I'm pretty darn happy at this point. Thank you both,
Charles and Claus. So here's what I think you're saying.

1) The To: and From: headers are basically completely forgeable, and
can't be trusted for tracing spam (along with Reply-To).

2) The only things that matter are the envelope sender and recipient,
and qmail stores these as Return-Path: and Delivered-To:, respectively.
And Return-Path: can be forged anyway.

-> Looking at INTERNALS, qmail appears to store the envelope sender
under queue/info and the recipients under queue/local and queue/remote,
eh?

3) So the only thing I can trust (ignoring spoofing) is the IP address
shown in the Received: header from which my server got the message.

Thanks guys,
Dave
-----Original Message-----
From: Charles Cazabon [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 06, 2000 10:45 AM
To: Dave Kitabjian
Cc: '[EMAIL PROTECTED]'
Subject: Re: Understanding "To" and "From"
Dave Kitabjian <[EMAIL PROTECTED]> wrote:
>
> It's time for me to understand this stuff clearly once and for all,
> partly so that I can handle spam intelligently and properly.
>
> I'm unclear on the exact relationships between the following:
>
> -------------------
> 1) MUA: "From", "To", "Bcc", "Reply Address" fields
>
> 2) SMTP: "MAIL FROM:" and "RCPT TO:"
>
> 3) Delivered Message: "To:", "From:", "Reply-To:", "Return-Path:"
> headers. Also, the terms "envelope sender" and "envelope recipient".
SMTP "MAIL FROM:" is the envelope sender, and "RCPT TO:" is the
envelope recipient. These are the only things that matter to an MTA;
it doesn't care what addresses are listed in the From: and To: headers
in the message itself.
> From what I currently understand, the MUA fields are (obviously)
> completed by the sender. (Let's assume a common client like Eudora or
> Outlook Express rather than qmail-inject for this discussion).
They are all effectively completed by the sender. MS-Windows mail clients
may automatically use the contents of the From: header as the envelope
sender, but with many mail programs the user can set the envelope addresses
to whatever he likes.
> When connecting to the SMTP server to send the message, the "From" and
> "To" fields are copied by the MUA to become the "From:" and "To:"
> headers of the message. The "From" field is also used in the SMTP
> conversation as the "MAIL FROM:".
Not necessarily. For example, if the user has QMAILUSER/QMAILHOST set in
their environment, qmail will construct the envelope sender address from
those if injected locally.
> The "Reply-To" header is created by the MUA from either the "Reply
> Address" field, if present, or else the "From" field. The "Return-Path:"
> header is added by the SMTP server based on the "Reply-To" or "From"
> header (?)
Reply-To: is not necessary, unless you want replies to go to an address
different from the From: address.
> -> Question: So, now what do we look at to determine the "envelope
> sender" and "envelope recipient"? Secondly, which of these terms/headers
> is used to determine whom qmail delivers the message to?
With qmail, the envelope sender is preserved in the Return-path: header.
The envelope recipient is preserved in the Delivered-To: header.
> Okay, now the message bounces because it's an evil spam message.
>
> -> Question: Where does MAILER-DAEMON send the bounce message? To the
> "From:" person? "Reply-To:"?
The Return-Path: header, which is a copy of the envelope sender address.
But since it's spam, it will be one of:
-Empty <>
-Fake/nonexistent <[EMAIL PROTECTED]>
-Real, but an innocent bystander's address <[EMAIL PROTECTED]>
And the bounce will either bounce or be delivered to the innocent
bystander.
> If I could understand THIS much, I'd be very happy.
Happy?
Charles
--
-----------------------------------------------------------------------
Charles Cazabon <[EMAIL PROTECTED]>
GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/
Any opinions expressed are just that -- my opinions.
-----------------------------------------------------------------------
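
The header reading summarised in this thread, as an added example that is not part of the original messages: it pulls the envelope copies (Return-Path:, Delivered-To:) and the peer IP from the topmost Received: line written by the receiving server, and reports the sender-written From: separately. The sample message, the function name trace and the host name mx.mail.example are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, modelled on qmail's delivered-message layout.
# Every address, host name and IP here is made up for illustration.
SAMPLE = """\
Return-Path: <bounce@bulk.example>
Delivered-To: dave@mail.example
Received: (qmail 12345 invoked from network); 6 Apr 2000 15:02:11 -0000
Received: from unknown (HELO friendly.example) (192.0.2.55)
  by mx.mail.example with SMTP; 6 Apr 2000 15:02:11 -0000
Received: from inside.bank.example (10.1.1.1) by relay.bank.example; 6 Apr 2000 14:00:00 -0000
From: "Your Bank" <service@bank.example>
Reply-To: collect@other.example
To: undisclosed-recipients:;
Subject: hello

body
"""

# "(a.b.c.d) by host" as it appears in a flattened Received: line.
PEER = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)\s+by\s+([^\s;]+)")

def trace(raw, my_host):
    """Separate envelope data and the recorded peer IP from sender-written headers."""
    msg = message_from_string(raw)
    env_sender = parseaddr(msg.get("Return-Path", ""))[1]   # copy of MAIL FROM
    env_rcpt = msg.get("Delivered-To", "").strip()          # copy of RCPT TO
    hdr_from = parseaddr(msg.get("From", ""))[1]            # written by the sender
    peer_ip = None
    # Received: lines are prepended, so read top down and stop at the first
    # one written by our own server; everything below it came with the message.
    for rcvd in msg.get_all("Received", []):
        m = PEER.search(" ".join(rcvd.split()))
        if m and m.group(2).lower() == my_host.lower():
            peer_ip = m.group(1)
            break
    return {
        "envelope_sender": env_sender,
        "envelope_recipient": env_rcpt,
        "header_from": hdr_from,
        "peer_ip": peer_ip,
        "from_matches_envelope": hdr_from.lower() == env_sender.lower(),
    }

if __name__ == "__main__":
    for key, value in trace(SAMPLE, "mx.mail.example").items():
        print(f"{key}: {value}")
```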