This won't work or will really throw a ball of wax into the works.
Look at my e-mail address. This is a perfectly valid address.
However, I don't work for the IEEE, I'm a member and this is an alias
that forwards to where I really am this month (I've had 3 ISPs in the
last 2 years). So I am never posting from the IEEE's domain. You can
look at the message ID to find where I writing this from except it is
an intranet domain name and won't resolve on the Internet. Check the
headers and you will see a third domain name. When I am visiting
friends and family, I usually use their ISP's SMTP server for outgoing
mail from my laptop. All legitimate mail. And I use different return
addresses, depending on the context. E.g., I have two ISPs currently;
obviously, I use the address in their domain when corresponding with
them. And for a while I was employed by a company with no physical
office, only a bunch of people working out of the back bedroom of
their home. Work e-mail carried the company's domain name. I could
have routed the work e-mail thru the company's mail servers, but that
would have meant a lot of extra work for me.
Any sysadmin that put such a policy in place would get all his/her
users added to my bozo filter (AKA kill file).
Just my $0.02USD,
Jeffrey
Quoting Leah Cunningham
- > I don't think this is about relaying. Spoofing a from-address can be done - > without any relay at all.
Yes, I guess you are right, as long as the domain is valid, it is easy to spoof an email address if the server allows mail to be sent from outside the network. For example, I couldn't send the SMTP command to a modern server:
mail from:leah@leah.leah.leah.leah but I could do mail from:leah@valaddomain.com
Joost, do you know if there is a way for the mail server to check if the IP address you are coming from matches the domain given?
Even then, one could change the user and leave the correct domain intact for external/internal domains.
- > I just found this out. I had been getting strange entries in my maillog from - > sourceforge servers, and their admins told me it had to do with SMTP - > callback. i.e. finding out if the from-address is valid or not. I think this - > is what's required. But it has nothing to do with relaying, I'm *almost* - > certain :). - > - > On Friday 08 June 2001 16:04, Leah Cunningham wrote: - > > Matt, - > > - > > - > I just wanted to share that with you! The id10t who spammed me even - > > - > tried spoofing the from address to make it look as if it came from my - > > - > own domain, so I forwarded it to them. - > > - > - > > - > Actually, how can one fix this? I am using Sendmail. - > > - > > You need to disable relaying in sendmail. I'm not positive where - > > this is, but I imagine someone else here can tell you, or you could - > > look it up, that's what I ususally do. I thought's SuSE's - > > sendmail.cf took care of this by default, but I don't remember. - > > - > > - > > I can't believe it's not UNIX!!! - > > ------------------------------------------------------------ - > > Leah Cunningham | PPC QA, Business Support & - > > www.heinous.org | QA & Linux geek, et al.
I can't believe it's not UNIX!!! Leah Cunningham | PPC QA, Business Support & www.heinous.org | QA & Linux geek, et al.
-- I don't do Windows and I don't come to work before nine. -- Johnny Paycheck