Alexey Eremenko wrote:
Now: question to our dear Open-Source community - How is this possible?
1. How is it possible for hijackers to hijack the mail source address?
*OK, you say SMTP spoof, but with the GMail web interface, it is
impossible to access the email RAW code, to see exactly what was changed.
2. How is it possible for GMail to distinguish between a real and a
hijacked email?
Which fields is GMail looking at?
Gmail and Yahoo pop/smtp mail have very nice headers.
Regards
Dave P
From - Fri Aug 8 11:09:51 2008
X-Account-Key: account2
X-UIDL: ABy9ktkAABHMSJwNEgbj+g9R6a0
X-Mozilla-Status: 0011
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: dave.plater@yahoo.co.uk via 217.146.189.28; Fri, 08 Aug 2008 09:08:34 +0000
X-Originating-IP: [195.135.221.135]
Authentication-Results: mta145.mail.ukl.yahoo.com from=gmail.com; domainkeys=fail (bad sig)
Received: from 195.135.221.135 (EHLO lists4.suse.de) (195.135.221.135)
by mta145.mail.ukl.yahoo.com with SMTP; Fri, 08 Aug 2008 09:08:32 +0000
Received: from lists4.suse.de (localhost [127.0.0.1])
by lists4.suse.de (Postfix) with SMTP id CE4D55A2A19;
Fri, 8 Aug 2008 09:05:56 +0000 (GMT)
X-Original-To: opensuse@lists4.opensuse.org
Delivered-To: opensuse@lists4.opensuse.org
Received: from Relay2.suse.de (relay2.suse.de [149.44.160.89])
by lists4.suse.de (Postfix) with ESMTP id D1E835A2A13
for ; Fri, 8 Aug 2008 09:05:55 +0000 (GMT)
Received: from relay2.suse.de (localhost [127.0.0.1])
by Relay2.suse.de (Postfix) with ESMTP id 6AB2D34039F8
for ; Fri, 8 Aug 2008 11:08:25 +0200 (CEST)
X-Virus-Scanned: by amavisd-new at relay2.suse.de
X-Spam-Score: -1
X-Spam-Level:
X-Spam-Status: No, score=-1 tagged_above=-20 required=5 tests=[BAYES_50=0.001,
MY_SUSE=-1, SPF_PASS=-0.001]
Received: from mx2.suse.de ([195.135.220.15])
by relay2.suse.de (relay2.suse.de [149.44.160.89]) (amavisd-new, port 10025)
with ESMTP id WD6TruXTJzNG for ;
Fri, 8 Aug 2008 11:08:19 +0200 (CEST)
Received: from wr-out-0506.google.com (wr-out-0506.google.com [64.233.184.233])
by mx2.suse.de (Postfix) with ESMTP id 03C2245CA7
for ; Fri, 8 Aug 2008 11:08:18 +0200 (CEST)
Received: by wr-out-0506.google.com with SMTP id 68so833464wra.7
for ; Fri, 08 Aug 2008 02:08:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:message-id:date:from:to
:subject:in-reply-to:mime-version:content-type
:content-transfer-encoding:content-disposition:references;
bh=ODLootzTrPs9pp0+Lr3tKBrtA1CnhdOp69D0lW7hGmI=;
b=AwRfTICcvCTSwrZQI9WcrUtZ+oowRZ3RRGcnIIjOR1XZQU4Hscw42ZY5yuK3vMUJ3J
uNSK4n9vLHOo8ha3Lw5s/gtyrmGnOdrWy5yA9pvGseR46nlGedAQHwiZdlHcK4qYj2IX
0YGkd1wVgZ6GAcBa0MKi5pznchJYJ2RYh+T84=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=message-id:date:from:to:subject:in-reply-to:mime-version
:content-type:content-transfer-encoding:content-disposition
:references;
b=I9uZ3JuDxPnX7gjVSo8Emzr+DNfpW0d9bn8biESekGqf9a675mg+8cGSLgrp+voKu1
3ZojHYr16SOIY6+xQ5WY0gRjgbN0utQ4ywcqBbsTH2NmWK3FpRctqfN22aRJdR3mpsIX
kiH6JOWoAwo5/vN/ZhWe+K+KcVHSO53HbsCa8=
Received: by 10.90.91.9 with SMTP id o9mr6342008agb.95.1218186498207;
Fri, 08 Aug 2008 02:08:18 -0700 (PDT)
Received: by 10.90.105.10 with HTTP; Fri, 8 Aug 2008 02:08:18 -0700 (PDT)
Message-ID: <7fac565a0808080208r46bc4115if84c764dd62d4a1@mail.gmail.com>
Date: Fri, 8 Aug 2008 11:08:18 +0200
From: "Alexey Eremenko"
To: OS-en
Subject: Re: Email Security question: Hijacked email !!! was: [opensuse] Vista
In-Reply-To: <56472.193.121.250.194.1218186030.squirrel@intrepid.warp.be>
Precedence: bulk
Mailing-List: contact opensuse+help@opensuse.org; run by mlmmj
X-Mailinglist: opensuse
List-Post: mailto:opensuse@opensuse.org
List-Help: mailto:opensuse+help@opensuse.org
List-Subscribe: mailto:opensuse+subscribe@opensuse.org
List-Unsubscribe: mailto:opensuse+unsubscribe@opensuse.org
List-Owner: mailto:opensuse+owner@opensuse.org
X-MIME-Notice: attachments may have been removed from this message
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <7fac565a0808080158i2e74c924uaa03f549e531feff@mail.gmail.com>
<56472.193.121.250.194.1218186030.squirrel@intrepid.warp.be>
Now: question to our dear Open-Source community - How is this possible?
1. How is it possible for hijackers to hijack the mail source address?
*OK, you say SMTP spoof, but with the GMail web interface, it is
impossible to access the email RAW code, to see exactly what was changed.
2. How is it possible for GMail to distinguish between a real and a
hijacked email?
Which fields is GMail looking at?
--
-Alexey Eromenko "Technologov"
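The headers pasted above contain the fields a receiving provider evaluates: the DKIM-Signature and DomainKey-Signature tags (d=, s=, h=) and the Authentication-Results verdict stamped by the receiving MTA. The following is an added example, not part of the original thread, that extracts them with Python's standard library; the From address, the signature placeholders and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: a subset of the headers above; signature values are
# placeholders and the From address is made up (the archive stripped it).
SAMPLE = """\
Authentication-Results: mta145.mail.ukl.yahoo.com from=gmail.com; domainkeys=fail (bad sig)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=gmail.com; s=gamma;
 h=message-id:date:from:to:subject;
 bh=PLACEHOLDER; b=PLACEHOLDER
From: "Alexey Eremenko" <sender@gmail.com>

body
"""

def parse_tags(value):
    """Split a 'k=v; k=v' tag list (DKIM-Signature style) into a dict."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip().lower(): re.sub(r"\s+", "", v) for k, v in pairs}

def auth_results(value):
    """Return (authserv-id, {method: result}) from Authentication-Results."""
    head, *clauses = value.split(";")
    server = (head.split() or [""])[0].lower()
    found = (re.match(r"\s*([\w-]+)=(\w+)", c) for c in clauses)
    return server, {m[1].lower(): m[2].lower() for m in found if m}

def assess(raw, trusted):
    """Summarise signatures and the verdicts stamped by our own receiving MTA."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    sigs = []
    for name in ("DKIM-Signature", "DomainKey-Signature"):
        for value in msg.get_all(name, []):
            t = parse_tags(value)
            sigs.append({"header": name, "d": t.get("d"), "s": t.get("s"),
                         "aligned": t.get("d", "").lower() == from_domain,
                         "signs_from": "from" in t.get("h", "").lower().split(":")})
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        server, res = auth_results(value)
        # Anyone can add this header; only believe the copy from our own MTA.
        if server == trusted or server.endswith("." + trusted):
            results.update(res)
    verdict = ("fail" if "fail" in results.values()
               else "pass" if "pass" in results.values() else "unverified")
    return {"from_domain": from_domain, "signatures": sigs,
            "results": results, "verdict": verdict}
```

The parser only reads what the receiving server recorded; it does not verify the signature itself, which requires fetching the public key for the s= selector under the d= domain from DNS.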