sorry, wrong header

W.D.McKinney

15 Mar 2004 15 Mar '04

06:34

From: administration@suse.com To: suse-linux-e@suse.com Cc: Date: Monday, March 15, 2004 04:51 am Subject: [SLE] Warning about your e-mail account. Message-ID: Received: from tomato.akwireless.net (HELO barracuda.akwireless.net) (192.189.218.17) by burger.akwireless.net with SMTP; Sun, 14 Mar 2004 19:51:38 -0900 X-ASG-Debug-ID: 1079326036-29291-9-0 X-Barracuda-URL: http://192.189.218.17:8000/cgi-bin/mark.cgi X-ASG-Whitelist: Sender Received: from lists.suse.com (lists.suse.com [195.135.221.131]) by barracuda.akwireless.net (Barracuda Spam Firewall) with SMTP id E32FB200CA17 for ; Sun, 14 Mar 2004 19:51:33 -0900 (AKST) Received: (qmail 4303 invoked by alias); 15 Mar 2004 04:51:29 -0000 Mailing-List: contact suse-linux-e-help@suse.com; run by ezmlm Precedence: bulk list-help: mailto:suse-linux-e-help@suse.com list-unsubscribe: mailto:suse-linux-e-unsubscribe-deem=wdm.com@suse.com list-post: mailto:suse-linux-e@suse.com X-MIME-Notice: attachments may have been removed from this message X-Mailinglist: suse-linux-e X-Message-Number-for-archive: 183607 Delivered-To: mailing list suse-linux-e@suse.com Received: (qmail 4289 invoked from network); 15 Mar 2004 04:51:28 -0000 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------fniumpmskwncylenhlqn" X-ASG-Orig-Subj: [SLE] Warning about your e-mail account. X-Virus-Scanned: by AWS Barracuda Anti-Spam Firewall at akwireless.net X-Barracuda-Spam-Status: No, SCORE=0.0 TAG_LEVEL=5.0

Show replies by date

Anders Johansson

15 Mar 15 Mar

06:43

New subject: [SLE] sorry, wrong header

On Monday 15 March 2004 07.34, W.D.McKinney wrote:

...

From: administration@suse.com To: suse-linux-e@suse.com Cc: Date: Monday, March 15, 2004 04:51 am Subject: [SLE] Warning about your e-mail account. Message-ID:

This is all plain text and for all the use it might as well have been the declaration of independence. It's just another part of the body of the mail, but since it's sometimes used by mail clients for things like getting an address to reply to, it's commonly referred to as headers. But in the SMTP protocol it's just DATA

...

Received: from tomato.akwireless.net (HELO barracuda.akwireless.net) (192.189.218.17) by burger.akwireless.net with SMTP; Sun, 14 Mar 2004 19:51:38 -0900 X-ASG-Debug-ID: 1079326036-29291-9-0 X-Barracuda-URL: http://192.189.218.17:8000/cgi-bin/mark.cgi X-ASG-Whitelist: Sender Received: from lists.suse.com (lists.suse.com [195.135.221.131]) by barracuda.akwireless.net (Barracuda Spam Firewall) with SMTP id E32FB200CA17 for ; Sun, 14 Mar 2004 19:51:33 -0900 (AKST)

These are added by the mail servers on your side

...

Received: (qmail 4303 invoked by alias); 15 Mar 2004 04:51:29 -0000 Mailing-List: contact suse-linux-e-help@suse.com; run by ezmlm Precedence: bulk list-help: mailto:suse-linux-e-help@suse.com list-unsubscribe: mailto:suse-linux-e-unsubscribe-deem=wdm.com@suse.com list-post: mailto:suse-linux-e@suse.com X-MIME-Notice: attachments may have been removed from this message X-Mailinglist: suse-linux-e X-Message-Number-for-archive: 183607 Delivered-To: mailing list suse-linux-e@suse.com Received: (qmail 4289 invoked from network); 15 Mar 2004 04:51:28 -0000

And these are added by suse's list server. Note the Delivered-To:

...

MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="--------fniumpmskwncylenhlqn" X-ASG-Orig-Subj: [SLE] Warning about your e-mail account. X-Virus-Scanned: by AWS Barracuda Anti-Spam Firewall at akwireless.net X-Barracuda-Spam-Status: No, SCORE=0.0 TAG_LEVEL=5.0

Steven T. Hatton

07:03

New subject: [SLE] sorry, wrong header

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 15 March 2004 01:43 am, Anders Johansson wrote:

...

...
Received: (qmail 4303 invoked by alias); 15 Mar 2004 04:51:29 -0000

What does the above line signify? "alias"? Some say "network". What's the distinction?

...

...
Mailing-List: contact suse-linux-e-help@suse.com; run by ezmlm Precedence: bulk list-help: mailto:suse-linux-e-help@suse.com list-unsubscribe: mailto:suse-linux-e-unsubscribe-deem=wdm.com@suse.com list-post: mailto:suse-linux-e@suse.com X-MIME-Notice: attachments may have been removed from this message X-Mailinglist: suse-linux-e X-Message-Number-for-archive: 183607 Delivered-To: mailing list suse-linux-e@suse.com Received: (qmail 4289 invoked from network); 15 Mar 2004 04:51:28 -0000

...

And these are added by suse's list server. Note the Delivered-To:

That's the part that surprises me. I just assumed the originating host would somehow be recorded in the header information added by the list server. STH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFAVVUswX61+IL0QsMRAlQQAKCIj5Qwa3wre5+YURZioOCrf6RkyQCg1XAR R+F7OB3JaNvckTVNrlfUfE4= =TfTW -----END PGP SIGNATURE-----

Anders Johansson

07:07

New subject: [SLE] sorry, wrong header

On Monday 15 March 2004 08.03, Steven T. Hatton wrote:

...

On Monday 15 March 2004 01:43 am, Anders Johansson wrote:

...
...
Received: (qmail 4303 invoked by alias); 15 Mar 2004 04:51:29 -0000

What does the above line signify? "alias"? Some say "network". What's the distinction?

if the mail is received through a network connection on port 25 (or whatever) it will say "invoked by network" The above line signifies that suse is running qmail hiding behind another mail server (with the greeting string 'Would you like freedom fries with that :) and that mail server in turn invokes qmail and the ezmlm mailing list manager <snip>

...

That's the part that surprises me. I just assumed the originating host would somehow be recorded in the header information added by the list server.

Some do. Here it's stripped when the mail is placed on the outgoing queue. People like their privacy

Anders Johansson

07:15

New subject: [SLE] sorry, wrong header

On Monday 15 March 2004 08.07, Anders Johansson wrote:

...

The above line signifies that suse is running qmail hiding behind another mail server (with the greeting string 'Would you like freedom fries with that :) and that mail server in turn invokes qmail and the ezmlm mailing list manager

Actually, forget that. That is indeed the setup on lists.suse.com, but that is not what 'invoked by alias' means. I just looked, and suse's qmail says 'invoked by network' so it gets a net connection. 'invoked by alias' is on deem's side. I'm not sure what it means

Anders Johansson

07:17

New subject: [SLE] sorry, wrong header

On Monday 15 March 2004 08.15, Anders Johansson wrote:

...

On Monday 15 March 2004 08.07, Anders Johansson wrote:

...
The above line signifies that suse is running qmail hiding behind another mail server (with the greeting string 'Would you like freedom fries with that :) and that mail server in turn invokes qmail and the ezmlm mailing list manager

Actually, forget that. That is indeed the setup on lists.suse.com, but that is not what 'invoked by alias' means. I just looked, and suse's qmail says 'invoked by network' so it gets a net connection. 'invoked by alias' is on deem's side. I'm not sure what it means

Argh, sorry. Both come from suse. OK, I have *really* no idea what that means

Steven T. Hatton

07:19

New subject: [SLE] sorry, wrong header

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday 15 March 2004 02:07 am, Anders Johansson wrote:

...

Some do. Here it's stripped when the mail is placed on the outgoing queue. People like their privacy

That is one of the biggest threats spam poses, IMO. In oder to stop it, sources will have to be more specifically identified. That means privacy and anonymity for legitimate purposes will be lost as collateral damage. Since the problem really is doing harm to the viability of Internet mailing systems, it's bound to result in more demanding identification requirements. It would be a bit interesting to study the subject and determine exactly where the stuff is originating, and what kind of dementia motivates a person to fill my inbox with adds for certain kinds of meds I know I can't order over the Internet. STH -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQFAVVkNwX61+IL0QsMRAh7TAKC9QxNbQxMpNZmvjHbiStd4bBkF0ACglDNO g40naK0qbY+idZJm35IwRYI= =FNDM -----END PGP SIGNATURE-----

Carlos E. R.

13:40

New subject: [SLE] sorry, wrong header

The Monday 2004-03-15 at 02:19 -0500, Steven T. Hatton wrote:

...

That is one of the biggest threats spam poses, IMO. In oder to stop it, sources will have to be more specifically identified. That means privacy and anonymity for legitimate purposes will be lost as collateral damage.

Since the problem really is doing harm to the viability of Internet mailing systems, it's bound to result in more demanding identification requirements.

Except on the list, where most of the receipts headers before reaching the SuSE server are striped, there is always enough info to determine which server really sent the email. The problem is that you have to determine which are false headers, and which real. Then, once you have the IP you can determine who really sent it; it depends on countries, but at least in Spain the dial up providers keep records of all connections made, correlating phone numbers with IPs and login used. But you need a court order to make use of them. So... there is no need to pay per email sent, as some advocate. The means are there: just identify the spammers, and put them in jail. -- Cheers, Carlos Robinson

Dylan

22:09

New subject: [SLE] sorry, wrong header

On Monday 15 Mar 2004 13:40 pm, Carlos E. R. wrote: <SNIP>

...

Except on the list, where most of the receipts headers before reaching the SuSE server are striped, there is always enough info to determine which server really sent the email. The problem is that you have to determine which are false headers, and which real.

Then, once you have the IP you can determine who really sent it; it depends on countries, but at least in Spain the dial up providers keep records of all connections made, correlating phone numbers with IPs and login used. But you need a court order to make use of them.

So... there is no need to pay per email sent, as some advocate. The means are there: just identify the spammers, and put them in jail.

I'm sorry, you are wrong. Spammers can use open relays, introduce backdoor trojans into insecure systems, use false signup info, make up invalid from addresses, ... need I go on? Dylan -- "They that can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety." -Benjamin Franklin

Carlos E. R.

16 Mar 16 Mar

03:02

New subject: [SLE] sorry, wrong header

The Monday 2004-03-15 at 22:09 -0000, Dylan wrote:

...

...
So... there is no need to pay per email sent, as some advocate. The means are there: just identify the spammers, and put them in jail.

I'm sorry, you are wrong. Spammers can use open relays, introduce backdoor trojans into insecure systems, use false signup info, make up invalid from addresses, ... need I go on?

I know that very well. But there is at least one or two headers that are true, the one where the email spam enters "the internet"; usually, that is the destination isp server header. Reading from top to bottom, we find the last added headers; first my own Linux server headers, then my provider's, and then one by me provider that says where it got that email from. So far, those headers are true. Below... depends, but at some point start the faked headers by the spammer program or whatever. It may be using some other server he broke into, like a some clueless business with an unsecured wifi. If the ISPs want to find them (the spammers), they can. They just have to invest money and effort, and coordinate ISPs. -- Cheers, Carlos Robinson

7352

Age (days ago)

7353

Last active (days ago)

List overview

Download

9 comments

5 participants

participants (5)

Anders Johansson
Carlos E. R.
Dylan
Steven T. Hatton
W.D.McKinney