Real mail addresses in list postings and resulting **SPAM**
John Summerfield
debian at herakles.homelinux.org
Sun Sep 27 01:28:26 UTC 2009
Allen Kistler wrote:
> not Allen Kistler wrote:
>> Allen Kistler wrote:
>>> So trying to keep this thread relevant to Fedora, is there one in
>>> Fedora? I use Thunderbird, so I'm pretty sure that won't do it.
>> With apologies to Allen, I take this chance to show just how easy it
>> is to forge email.
>>
>> For those interested in checking whether this is a forgery (or at last
>> from a different source from the one I'm quoting), just check the
>> headers.
>>
>> The key point is that it's trivial to set an alternative identity (I'm
>> using seamonkey which might be another clue I'm not Allen), but
>> Thunderbird can do it too.
>
> Sorry. I can't check your headers, since I get the digest. The only
> thing I get is your TZ is +8, while mine is -5.
Here are all the headers I received:
Return-Path: <fedora-test-list-bounces at redhat.com>
Received: from murder ([unix socket])
by ns.demo.lan (Cyrus v2.2.12-Invoca-RPM-2.2.12-9.RHEL4) with LMTPA;
Fri, 25 Sep 2009 20:08:31 +0800
X-Sieve: CMU Sieve 2.2
Received: from hormel.redhat.com (hormel1.redhat.com [209.132.177.33])
by ns.demo.lan (Postfix) with ESMTP id 128E8474FCB
for <debian at herakles.homelinux.org>; Fri, 25 Sep 2009 20:08:31 +0800 (WST)
Received: from listman.util.phx.redhat.com (listman.util.phx.redhat.com
[10.8.4.110])
by hormel.redhat.com (Postfix) with ESMTP id CDEC361A824;
Fri, 25 Sep 2009 08:08:27 -0400 (EDT)
Received: from int-mx01.intmail.prod.int.phx2.redhat.com
(nat-pool.util.phx.redhat.com [10.8.5.200])
by listman.util.phx.redhat.com (8.13.1/8.13.1) with ESMTP id
n8PC8POF008445 for <fedora-test-list at listman.util.phx.redhat.com>;
Fri, 25 Sep 2009 08:08:25 -0400
Received: from mx1.redhat.com (ext-mx05.extmail.prod.ext.phx2.redhat.com
[10.5.110.9])
by int-mx01.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
id n8PC8PA0014882
for <fedora-test-list at redhat.com>; Fri, 25 Sep 2009 08:08:25 -0400
Received: from js.id.au (dsl-58-6-192-22.wa.westnet.com.au [58.6.192.22])
by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id n8PC8EWv011998
for <fedora-test-list at redhat.com>; Fri, 25 Sep 2009 08:08:15 -0400
Received: from ns.demo.lan (unknown [192.168.4.10])
by js.id.au (Postfix) with ESMTP id E589B5F408B
for <fedora-test-list at redhat.com>; Fri, 25 Sep 2009 20:08:11 +0800 (WST)
Received: from bobtail.demo.lan (Bobtail.demo.lan [192.168.9.109])
by ns.demo.lan (Postfix) with ESMTP id 9DFC9474FCB
for <fedora-test-list at redhat.com>; Fri, 25 Sep 2009 20:08:11 +0800 (WST)
Message-ID: <4ABCB2AB.40905 at yahoo.com>
Date: Fri, 25 Sep 2009 20:08:11 +0800
From: Allen Kistler <an037-ooai8 at yahoo.com>
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US;
rv:1.8.1.19) Gecko/20090222 SeaMonkey/1.1.14
MIME-Version: 1.0
To: For testers of Fedora Core development releases
<fedora-test-list at redhat.com>
References: <4ABBEC74.6070509 at yahoo.com> <20090925063952.GA16327 at wolff.to>
<4ABC74E7.3050705 at yahoo.com>
In-Reply-To: <4ABC74E7.3050705 at yahoo.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-RedHat-Spam-Score: 1.508 * (FORGED_YAHOO_RCVD,RDNS_DYNAMIC)
X-Scanned-By: MIMEDefang 2.67 on 10.5.11.11
X-Scanned-By: MIMEDefang 2.67 on 10.5.110.9
X-loop: fedora-test-list at redhat.com
Subject: Re: Real mail addresses in list postings and resulting **SPAM**
X-BeenThere: fedora-test-list at redhat.com
X-Mailman-Version: 2.1.5
Precedence: junk
Reply-To: For testers of Fedora Core development releases
<fedora-test-list at redhat.com>
List-Id: For testers of Fedora Core development releases
<fedora-test-list.redhat.com>
List-Unsubscribe:
<https://www.redhat.com/mailman/listinfo/fedora-test-list>,
<mailto:fedora-test-list-request at redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/fedora-test-list>
List-Post: <mailto:fedora-test-list at redhat.com>
List-Help: <mailto:fedora-test-list-request at redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/fedora-test-list>,
<mailto:fedora-test-list-request at redhat.com?subject=subscribe>
Sender: fedora-test-list-bounces at redhat.com
Errors-To: fedora-test-list-bounces at redhat.com
>
> I know that Thunderbird (or virtually any other client) can set
> alternative identities. Wholesale forgery is easy. We're after
> something subtler.
>
> When you sent the message to the list, did you do it with an envelope
> that identified you as you or did you do it with an envelope that
> identified you as me?
>
> The trick is to do it with an envelope that identifies you as you, but a
> message header that identifies you as, say, invalid at invalid.invalid.
> Thunderbird sets them to be the same, without an option to change that.
> (Hmm... Maybe an extension?) Bruno mentioned mutt allows them to be
> different.
>
I recently (days) saw an option to add an arbitrary header. I don't
recall whether it was Thunderbird or Seamonkey - I have the Seamonkey
2.0 beta on Windows- but the config editor for Thunderbird and both
versions of Seamonkey I have on Windows show what looks like it. See
mail.compose selections.
It's a config-time option, not compose-time so it's not useful to me.
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
You cannot reply off-list:-)
More information about the test
mailing list