On Fri, August 8, 2008 15:55, Alexey Eremenko wrote:
> Strictly speaking, openSUSE mailing list is also spoofing email addresses as I receive something like:
> from Amedee Van Gasse
> to opensuse@opensuse.org
>
> While in reality I should receive something like:
> from opensuse@opensuse.org
> to al4321@gmail.com
>
> You understand?
Of course.
>>> If so, maybe we can use reverse DNS and compare that to the email header "From: " address?
>> No. There are legitimate reasons why the IP address won't match the header "From: " address.
> What reasons?
You just gave one, a few lines up. ;-)
> Well, some professional can even send email from command-line, effectively converting the PC into email client. Unfortunately I can only use email-clients like Thunderbird or webmail.
I'm just an amateur! But sending email from command-line is a piece of cake.

First you have to find out which mailserver you have to contact. You do this with "dig <domain> mx", for example

$ dig opensuse.org mx

The MX records point to the mailservers of a domain. In case of opensuse.org, you get two answers:

;; ANSWER SECTION:
opensuse.org. 300 IN MX 42 mx1.suse.de.
opensuse.org. 300 IN MX 42 mx2.suse.de.

The number 42 is the priority. Sensible mailservers start with the server with the lowest number, and if they cannot contact it, they take the next one. In this case both servers have equal priorities. It's a kind of load balancing.

Spammers OTOH usually abuse the server with the highest number. This is often a backup server somewhere at a remote location that just forwards mail to the main mailserver, and everybody forgets to update the backup server.

Now that you know the mailserver, you are ready to send your email:

$ telnet mx2.suse.de 25

(port 25 is the default SMTP port)

The server shows a banner:

Trying 195.135.220.15...
Connected to mx2.suse.de.
Escape character is '^]'.
220 mx2.suse.de ESMTP Postfix (2.1.1)

You are polite and say hel(l)o to the server:

HELO spammer.com
250 mx2.suse.de

Lines starting with 250 are replies from the suse mailserver, saying everything is OK. Now we start sending email. First we say who it is from:

MAIL FROM: badboy@spammer.com
250 Ok

And who is the intended recipient:

RCPT TO: opensuse@opensuse.org
250 Ok

This is all you need, now you send the data part of the mail:

DATA
354 End data with <CR><LF>.<CR><LF>

The mailserver tells you how you can say you reached the end of an email. First you type the mailheaders, followed by a blank line, followed by the body of the mail, and then you close with a dot on a single line.

From: al4321@gmail.com
To: opensuse@opensuse.org
Subject: Sending email with telnet on port 25
X-Yet-Another-Header: nothing to see, move along

This is a test. I am sending this email with telnet on port 25.
It may or may not arrive, depending on the spamfilter used by Suse.
Have fun,
Amedee, pretending to be someone else
.
250 Ok: queued as 8639A45AF2

The message is accepted by Suse, now we break the connection:

QUIT
221 Bye
Connection closed by foreign host.

That's all!

To recapitulate:

dig example.com mx
telnet mail.example.com 25
HELO your.servername
MAIL FROM: your address
RCPT TO: somebody@example.com
DATA
Email headers
Email body
.
QUIT

Cheers,
Amedee.
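
Added example, not part of the original message: a receiving-side check that compares the envelope sender given in MAIL FROM with the domain of the "From:" header, run over the session shown above and over a constructed mailing-list relay. Both report a mismatch, which illustrates the thread's point that such a mismatch also occurs for legitimate list mail; the function names and the example.org/example.com/example.net addresses are assumptions made for this example.

```python
from email import message_from_string
from email.utils import parseaddr

# Client side of the session from the message above (headers and body shortened).
PAGE_SESSION = """HELO spammer.com
MAIL FROM: badboy@spammer.com
RCPT TO: opensuse@opensuse.org
DATA
From: al4321@gmail.com
Subject: Sending email with telnet on port 25

This is a test.
.
QUIT""".splitlines()

# Constructed sample: a list server relaying a subscriber's post (assumed names).
LIST_SESSION = """EHLO lists.example.org
MAIL FROM:<list-bounces@lists.example.org>
RCPT TO:<reader@example.net>
DATA
From: poster@example.com

Hello list.
.
QUIT""".splitlines()

def domain(addr):
    """Lower-cased domain of an address, or '' when there is no '@'."""
    _, at, dom = parseaddr(addr)[1].rpartition("@")
    return dom.lower() if at else ""

def parse_session(client_lines):
    """Split client SMTP lines into (envelope sender, parsed message)."""
    mail_from, data, in_data = "", [], False
    for line in client_lines:
        if in_data and line == ".":          # lone dot ends DATA
            in_data = False
        elif in_data:                        # undo SMTP dot-stuffing
            data.append(line[1:] if line.startswith("..") else line)
        elif line.upper().startswith("MAIL FROM:"):
            mail_from = line[10:].strip()
        elif line.upper() == "DATA":
            in_data = True
    return mail_from, message_from_string("\n".join(data))

def from_mismatch(client_lines):
    """True when envelope sender and header From are in different domains."""
    mail_from, msg = parse_session(client_lines)
    return domain(mail_from) != domain(msg.get("From", ""))
```

Because the forged session and the list relay give the same result, a filter needs more evidence than this comparison before rejecting a message.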