On Wed, 20 Jun 2007, digitalsushi wrote:

> header LOCAL_AUTH_RCVD2 ALL =~ /(authenticated bits=0)/

That's vulnerable to forgery. If you're checking Received headers this way to whitelist, you *really* want to include your local hostname and/or IP information in the RE. That will make it much less spoofable.

> Received: from [192.168.15.109] (c-24-61-193-245.hsd1.nh.comcast.net
>   [24.61.193.245])
>   (authenticated bits=0)
>   by postal.iol.unh.edu (8.14.0/8.14.0) with ESMTP id l5JFE2AY006703
>   (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
>   for <[EMAIL PROTECTED]>; Tue, 19 Jun 2007 11:14:02 -0400

e.g.:

  Received =~ /authenticated bits.+ by postal\.iol\.unh\.edu/

--
 John Hardin KA7OHZ    http://www.impsec.org/~jhardin/
 [EMAIL PROTECTED]    FALaholic #11174    pgpk -a [EMAIL PROTECTED]
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
 I would buy a Mac today if I was not working at Microsoft.
   -- James Allchin, Microsoft VP of Platforms
-----------------------------------------------------------------------
 14 days until The 231st anniversary of the Declaration of Independence
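The difference between the two rules above, as an added example that is not part of the original message: both regular expressions are run over the Received header quoted in the thread and over a constructed message whose sender supplied its own "authenticated" Received line. The helper names, the example.net hosts and the per-header matching model (folded headers unfolded, each Received header tested on its own) are assumptions of this sketch.

```python
import re
from email import message_from_string

WEAK = re.compile(r"(authenticated bits=0)")  # rule from the quoted post (ALL =~)
ANCHORED = re.compile(r"authenticated bits.+ by postal\.iol\.unh\.edu")  # rule from the reply

# Header taken from the thread; Subject and body are constructed.
GENUINE = """\
Received: from [192.168.15.109] (c-24-61-193-245.hsd1.nh.comcast.net
 [24.61.193.245])
 (authenticated bits=0)
 by postal.iol.unh.edu (8.14.0/8.14.0) with ESMTP id l5JFE2AY006703
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT)
 for <[EMAIL PROTECTED]>; Tue, 19 Jun 2007 11:14:02 -0400
Subject: constructed test message

body
"""

# Entirely constructed: the local MTA's own (top) header shows no
# authentication; the lower header was supplied by the sending side.
FORGED = """\
Received: from mail.example.net (mail.example.net [203.0.113.7])
 by postal.iol.unh.edu (8.14.0/8.14.0) with ESMTP id CONSTRUCTED02;
 Tue, 19 Jun 2007 11:00:05 -0400
Received: from client.example.net (client.example.net [203.0.113.9])
 (authenticated bits=0)
 by mail.example.net (8.14.0/8.14.0) with ESMTP id CONSTRUCTED01;
 Tue, 19 Jun 2007 11:00:00 -0400
Subject: constructed test message

body
"""

def unfold(value):
    """Join folded header continuation lines into one line."""
    return re.sub(r"\r?\n[ \t]+", " ", value)

def weak_rule_hits(raw):
    """Model of 'ALL =~': search every header, any hostname accepted."""
    msg = message_from_string(raw)
    return bool(WEAK.search("\n".join(f"{k}: {unfold(v)}" for k, v in msg.items())))

def anchored_rule_hits(raw):
    """Model of 'Received =~': the auth marker and the local hostname
    must appear together inside a single Received header."""
    msg = message_from_string(raw)
    return any(ANCHORED.search(unfold(v)) for v in msg.get_all("Received", []))
```
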