Sean wrote:
> On Thu, Apr 29, 2004 at 11:34:30AM -0400, Kevin Brosius wrote:
> > Received: from unknown (HELO default.in.icenetworld.com)
> > (203.195.203.130)
> > by mail.netisland.net with SMTP; 29 Apr 2004 14:13:16 -0000
> >
> > I've never seen mail from 'icenetworld.com' that I would consider valid
> > from gr. Or maybe he's got a new domain. A quick lookup on it ought to
> > tell you though.
>
> note that just as From: headers can be forged, so can Received: headers,
> and even so can the information put in the Received: header by your own
> mail server. if you trust the line itself (if it were put in by your
> mail server), then you can with some certainty trust the ip address
> in question, but the hostname in HELO could be anything. anything past
> the first Received: that you don't administer could be forged.
>
Um... Well, maybe my comments were too subtle. We know that
mail.netisland.net is our mail list server, right? I kind of assumed
others would pick that up, but my point was just that. The ip in that
line is the IP that attached to _our_ listserv. I trust that as the
sending machine.
I didn't realize that the 'icenetworld.com' was provided by the sender.
Is that the case?

nslookup 203.195.203.130
Non-authoritative answer:
130.203.195.203.in-addr.arpa name = 203-195-203-130.now-india.net.in.

Yup, fake. Well, now I learned something. :)
--
Kevin
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
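
The check worked through in this thread, as an added example that is not part of the original messages: trust the IP only in a Received: line stamped by a server you run, and compare the sender-supplied HELO name against the PTR record for that IP. The function names, the qmail-style regex and the embedded PTR table (copied from the nslookup output above) are assumptions made for the illustration.

```python
import re

# The Received: line quoted in the thread (qmail-style layout).
SAMPLE = ("from unknown (HELO default.in.icenetworld.com) (203.195.203.130) "
          "by mail.netisland.net with SMTP; 29 Apr 2004 14:13:16 -0000")

# PTR answer from the nslookup in the thread, embedded so this runs offline.
SAMPLE_PTR = {"203.195.203.130": "203-195-203-130.now-india.net.in."}

# Assumed layout: from <rdns> (HELO <name>) (<ip>) by <server> ...
RECEIVED_RE = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+"
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+by\s+(?P<by>\S+)", re.I)

def parse_received(value):
    """Split a qmail-style Received: value into its fields, or return None."""
    m = RECEIVED_RE.search(" ".join(value.split()))  # unfold wrapped header
    return m.groupdict() if m else None

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def assess_hop(value, our_mta, ptr_lookup):
    """Classify what can be trusted in one Received: line.

    ptr_lookup(ip) returns the PTR name or None; pass a real resolver
    wrapper in production, a dict's .get for offline testing.
    """
    hop = parse_received(value)
    if hop is None:
        return {"verdict": "unparsed"}
    if norm(hop["by"]) != norm(our_mta):
        # Not stamped by a server we administer: every field may be forged.
        return {"verdict": "untrusted-hop", **hop}
    ptr = ptr_lookup(hop["ip"])
    if ptr is None:
        verdict = "helo-unverified"
    elif norm(ptr) == norm(hop["helo"]):
        verdict = "helo-matches-ptr"  # still needs a forward lookup to confirm
    else:
        verdict = "helo-differs-from-ptr"  # HELO is only the sender's claim
    return {"verdict": verdict, "ptr": ptr, **hop}

if __name__ == "__main__":
    print(assess_hop(SAMPLE, "mail.netisland.net", SAMPLE_PTR.get))
```

A differing PTR name does not by itself prove forgery, since many legitimate hosts announce a HELO name that is not their reverse name; it shows only that the HELO string carries no weight as evidence of origin.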