On Sat, August 9, 2008 02:15, John Andersen wrote:
On Fri, Aug 8, 2008 at 5:03 PM, Amedee Van Gasse wrote:
On Sat, August 9, 2008 01:32, John Andersen wrote:
On Fri, Aug 8, 2008 at 4:19 PM, Jim Henderson wrote:
On Sat, 09 Aug 2008 00:52:37 +0200, Alexey Eremenko wrote:
I thought GMail would scan for all suspicious emails, and according to logic something that arrived into my GMail, with "From: al4321@gmail.com" - my email address, but never sent from my account is a spoof.
It means, that GMail isn't protected
As Patrick said, it never went through gmail's servers -
And as Alexey said it DID arrive in his Gmail mailbox which, by definition means it DID go thru Gmail's server: inbound.
Gmail could have alerted Alexey that the mail was spoofed if the first few received headers didn't indicate a gmail origin.
I'm not sure what good it would do, as no-one else would get this alert except Alexey, but it seems do-able to me.
The listserve blurs things. If the spammer sent the email directly to Alexey, yes then you have a point. But it's not the spammer. Google sees a legitimate sender in the SMTP session: opensuse.org. Checking for spoofing senders is an SMTP session feature. That means at HELO (or EHLO). I don't know how I can explain this. This is what I see in my postfix logs:
Aug 9 01:52:48 intrepid postfix/smtpd[27319]: connect from lists4.suse.de[195.135.221.135]
Aug 9 01:52:48 intrepid postfix/smtpd[27319]: 92C55138076: client=lists4.suse.de[195.135.221.135]
Aug 9 01:52:48 intrepid postfix/cleanup[27322]: 92C55138076: message-id=<27061.81.82.3.9.1218239560.squirrel@intrepid.warp.be>
Aug 9 01:52:48 intrepid postfix/qmgr[19655]: 92C55138076: from=, size=4454, nrcpt=1 (queue active)
Aug 9 01:52:48 intrepid postfix/smtpd[27319]: disconnect from lists4.suse.de[195.135.221.135]

As you can see, the SMTP session only sees opensuse+bounces-67833-amedee=amedee.be@opensuse.org as the sender, even if the original sender was amedee@amedee.be. By the way, there is a + separator; that means that for checking valid mailboxes you can ignore everything after the +, so the sender address is really opensuse@opensuse.org.
-- Amedee
--
When I said "First few Received Headers" I did NOT mean the top-most.
Neither did I.
I mean the first. Just above the body.
And I meant the postfix log which records (part of) the SMTP session:
Aug 9 02:15:34 intrepid postfix/smtpd[29764]: connect from lists4.suse.de[195.135.221.135]
Aug 9 02:15:34 intrepid postfix/smtpd[29764]: A1DD3138084: client=lists4.suse.de[195.135.221.135]
Aug 9 02:15:34 intrepid postfix/cleanup[29757]: A1DD3138084: message-id=<60fb01490808081715o2143519cm9fae9b002e18d1aa@mail.gmail.com>
Aug 9 02:15:34 intrepid postfix/qmgr[19655]: A1DD3138084: from=
Check it out in this email. Opensuse does not "blur" these.
It does. At the SMTP level. I'm looking at the protocol level, you are looking at the data level.
-- Amedee
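The distinction drawn in this thread between the sender seen at the SMTP level and the From: header in the message data, as an added example that is not part of the original e-mail: it reads the envelope sender from a Postfix qmgr line, strips the + extension, and compares its domain with the From: header. The log line and the message are constructed (the envelope address is the one quoted above, the poster address is made up), and the layout list+bounces-<seq>-<user>=<domain> is an assumption inferred from that address.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed inputs: a qmgr log line carrying the envelope sender quoted in
# the message above, and a message whose From: header is a made-up poster.
QMGR_LINE = ("Aug 9 01:52:48 intrepid postfix/qmgr[19655]: 92C55138076: "
             "from=<opensuse+bounces-67833-amedee=amedee.be@opensuse.org>, "
             "size=4454, nrcpt=1 (queue active)")
MESSAGE = ("From: Some Poster <poster@example.com>\n"
           "To: opensuse@opensuse.org\n"
           "Subject: constructed sample\n\nbody\n")

# Assumed layout of the local part: <list>+bounces-<seq>-<user>=<domain>
VERP_LOCAL = re.compile(r"^[^+]+\+bounces-\d+-(?P<user>.+)=(?P<dom>[^=]+)$")


def envelope_from_qmgr(line):
    """Return the MAIL FROM address Postfix logged, or None if absent."""
    m = re.search(r"\bfrom=<([^>]*)>", line)
    return m.group(1) if m else None


def split_envelope(addr):
    """Split an envelope sender into domain, base mailbox and embedded address."""
    if not addr or "@" not in addr:  # null sender "<>" is used for bounces
        return {"domain": "", "base_mailbox": "", "embedded": None}
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    base = local.split("+", 1)[0]  # text after "+" is an address extension
    m = VERP_LOCAL.match(local)
    embedded = f"{m['user']}@{m['dom']}" if m else None
    return {"domain": domain, "base_mailbox": f"{base}@{domain}",
            "embedded": embedded}


def compare_sender_layers(qmgr_line, raw_message):
    """Compare the SMTP-level sender with the From: header in the data."""
    env = split_envelope(envelope_from_qmgr(qmgr_line))
    _, header_from = parseaddr(message_from_string(raw_message).get("From", ""))
    header_domain = header_from.rpartition("@")[2].lower()
    return {**env, "header_from": header_from,
            "aligned": bool(env["domain"]) and env["domain"] == header_domain}


if __name__ == "__main__":
    print(compare_sender_layers(QMGR_LINE, MESSAGE))
```

A check applied only to the envelope sender sees opensuse.org here, so a mismatch with the From: header shows up only when the two layers are compared.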