Neil, according to Stalker's docs:
============================================================================
To protect your site from spammers, the SMTP module can verify the Return-Path address (specified with the Mail From SMTP command) of incoming messages.

When the Verify Return-Path option is selected in the SMTP Service Settings, the SMTP module parses the message Return-Path (Mail From) addresses, and the module refuses to receive a message if:

* the Return-Path domain name is an empty string (no domain specified);
* the Return-Path address is routed (via the Server Router) to the ERROR address;
* the Domain Name System does not have neither MX nor A records for the Return-Path domain (an unregistered domain);
* the Domain Name System has an MX record for the Return-Path domain, but it points to an A-record that does not exist (a faked domain);
* the A-record or the highest-priority MX record for the Return-Path domain points onto an IP address included in the Black List;
* the Return-Path domain name is specified as an IP address, and that address is not included into the Client Hosts list.
============================================================================

I guess I don't know nearly enough about the mail server commands. So the Mail From:, does it VERIFY the validity of the sender address?

Can you or someone else maybe give me the actual step-by-step rundown of an SMTP connection, or at least point me to a reference for the steps a mail server takes to perform this?

Thanks,
Chris

> From: Neil Herber <[EMAIL PROTECTED]>
> Reply-To: "SIMS Discussions" <[EMAIL PROTECTED]>
> Date: Mon, 10 Feb 2003 11:10:30 -0500
> To: "SIMS Discussions" <[EMAIL PROTECTED]>
> Subject: Re: Verifying return-paths
>
> It is rumored that on or about 2003-02-10 9:55 AM -0600, Chris Wagner
> wrote as follows:
>> If I have SIMS set up to verify return paths, can I assume that the mailbox
>> SIMS says it's coming from is accurate and not spoofed in any way?
>>
>> The reason I ask is this - at least ONE of these accounts hasn't been used
>> for a very long time, and is coming from a local provider, journey.com.
>
> Chris
>
> My understanding is that SIMS does a DNS lookup on the Return-Path
> domain and makes sure it returns a valid IP. It does not do any kind
> of client verify.
>
> So if someone spoofs "[EMAIL PROTECTED]" SIMS will accept that
> as valid, whereas "[EMAIL PROTECTED]" would
> probably fail - unless someone goes and registers that domain.
>
> The attachments and spoofed return paths suggest a KLEZ type virus.
>
> --
> Neil
>
> Neil Herber
> Corporate info at http://www.eton.ca/
> Eton Systems, 15 Pinepoint Drive, Nepean, ON, Canada K2H 6B1
> Tel: (613) 829-4668
>
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <[EMAIL PROTECTED]>.
> To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
> Send administrative queries to <[EMAIL PROTECTED]>
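
The refusal rules quoted from the docs in this message, sketched as an added example; it is not SIMS or Stalker code and not part of the original thread. The DNS data, Black List and Client Hosts entries are constructed, the Server Router rule is left out, and `lookup` and `verify_return_path` are hypothetical names.

```python
import ipaddress

# Constructed DNS data using documentation-reserved names and addresses,
# so the check runs offline. None of this comes from the thread.
ZONE = {
    "example.com": {"MX": [(10, "mail.example.com")]},
    "mail.example.com": {"A": ["192.0.2.10"]},
    "faked.example": {"MX": [(5, "nohost.faked.example")]},
    "listed.example": {"A": ["203.0.113.7"]},
}
BLACK_LIST = {"203.0.113.7"}      # constructed
CLIENT_HOSTS = {"198.51.100.25"}  # constructed

def lookup(name, rtype):
    """Stand-in resolver (hypothetical helper): records of rtype for name."""
    return ZONE.get(name.lower(), {}).get(rtype, [])

def verify_return_path(mail_from):
    """Return (accepted, reason) for the address given in MAIL FROM."""
    addr = mail_from.strip().strip("<>")
    _local, sep, domain = addr.rpartition("@")
    if not sep or not domain:
        return False, "no domain specified"
    try:  # domain written as an IP address, e.g. user@[198.51.100.25]
        ip = str(ipaddress.ip_address(domain.strip("[]")))
    except ValueError:
        ip = None
    if ip is not None:
        if ip in CLIENT_HOSTS:
            return True, "IP address is in Client Hosts"
        return False, "IP address not in Client Hosts"
    mx, addrs = sorted(lookup(domain, "MX")), lookup(domain, "A")
    if not mx and not addrs:
        return False, "unregistered domain"
    if mx:  # lowest preference value = highest-priority MX
        addrs = lookup(mx[0][1], "A")
        if not addrs:
            return False, "faked domain"
    if BLACK_LIST.intersection(addrs):
        return False, "blacklisted address"
    # The local part was never consulted: any mailbox name at a resolvable
    # domain gets this far, which is why a spoofed sender can still pass.
    return True, "domain resolves"
```

Every rule here looks only at the domain, so a made-up mailbox at a resolvable domain is accepted exactly like a real one.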
