On Fri, August 8, 2008 15:26, Alexey Eremenko wrote:
> Kai: Well, it feels like having a clone on the net :) It may be fun and may be scary - depending on circumstances.
> When I opened the RAW message from you, I see a lot of "Received: ..." Are those all recipients or "steps" in the routing of email?

Yes.

> Anyway: any ideas on fighting techniques? Can we see the source IP address?

Yes. Depending on your mail client, this is easy or hard.

> If so, maybe we can use reverse DNS and compare that to the email header "From: " address?

No. There are legitimate reasons why the IP address won't match the header "From: " address. You shouldn't look at the header-From but at the SMTP-From. Two different things. This is what SPF does for you, at the MTA level. But... that information is lost when the mail passes the Opensuse server. It's the Opensuse server that should check for SPF.

> Perhaps I need to learn about SMTP and SPF :)

Definitely. I speak SMTP fluently, and I'm still learning SPF. Start with the RFCs. Dry and techie stuff but really useful. Frak, I should get a job as an independent email security consultant, I know more about email than most Exchange admins. Why am I still an L2 support engineer... ;-)

PS: This has become a general mail routing, mail spoofing and mail security topic, not about Opensuse in particular. I don't know if we're still on topic and if other list members are still interested. Is there an off-topic mailing list that is better suited for this kind of interesting threads?

--
Amedee
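
The points discussed in this message (each "Received:" line is one routing step, and the SMTP-From is a different thing from the header "From:") can be seen with a short script. This is an added example, not part of the original post; the message, host names and IP addresses are constructed, and it assumes the final MTA recorded the SMTP-From in a Return-Path header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (documentation-range IPs, example domains).
RAW = """\
Return-Path: <bounce@mailer.example.net>
Received: from lists.example.org (lists.example.org [192.0.2.10])
\tby mx.recipient.example (Postfix) with ESMTP id AAAA1
\tfor <user@recipient.example>; Fri, 8 Aug 2008 15:30:02 +0200
Received: from relay.example.net (relay.example.net [198.51.100.7])
\tby lists.example.org (Postfix) with ESMTP id BBBB2;
\tFri, 8 Aug 2008 15:29:40 +0200
Received: from [203.0.113.45] (unknown [203.0.113.45])
\tby relay.example.net (Postfix) with ESMTP id CCCC3;
\tFri, 8 Aug 2008 15:29:31 +0200
From: Alice <alice@example.com>
To: list@example.org
Subject: test

body
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+(\S+)")

def received_hops(msg):
    """Return hops oldest-first as (receiving_host, connecting_ip)."""
    hops = []
    # Each MTA prepends its own Received header, so the last one is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())         # unfold continuation lines
        from_part = flat.split(" by ", 1)[0]   # peer IP sits in the "from" clause
        ip = IP_IN_BRACKETS.search(from_part)
        by = BY_HOST.search(flat)
        hops.append((by.group(1) if by else None, ip.group(1) if ip else None))
    return hops

def sender_domains(msg):
    """Domains of the SMTP-From (Return-Path) and of the header From."""
    envelope = parseaddr(msg.get("Return-Path", ""))[1]
    header = parseaddr(msg.get("From", ""))[1]
    return envelope.rpartition("@")[2].lower(), header.rpartition("@")[2].lower()

msg = message_from_string(RAW)
for host, ip in received_hops(msg):
    print(f"{ip or '?':>15} -> {host}")
print("SMTP-From domain, header-From domain:", sender_domains(msg))
```

Only the Received lines written by servers you trust are reliable; anything below the first trusted hop is supplied by the sending side and can be forged.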