Re: [FW1] Cutting Out Mail Headers....
Brad Van Orden wrote:
>
> See the lines below where it says "Original Message?"
> The "From:," "Sent:," "To:," and "Subject:" lines are all part of
> the header. If you remove them, how is any server going to know
> how to deliver your e-mail?

Brad,

Go get the O'Reilly sendmail book and read section 1.7 "The Envelope". Reread it and look through the spam mail that you receive until you understand that those headers don't necessarily have anything to do with a server delivering e-mail. The most important part of section 1.7 is this:

"When sending network mail, sendmail must give the remote site a list of sender and recipients SEPARATE FROM AND BEFORE it sends the mail message (header and body)."

"Because this information is conveyed separately from the message header, it is called the envelope."

Do some experimentation by using telnet or netcat to connect directly to an SMTP server.

    $ telnet mailserver.mydomain.com 25
    Connected to mailserver.
    Escape character is '^]'.
    220 mailserver.mydomain.com ESMTP Tue, Mar 2001 09:26:52 -0700 (MST)
    HELO laptop.mydomain.com
    250 mailserver Hello laptop.mydomain.com [10.1.1.10], pleased to meet you
    MAIL FROM: [email protected]
    250 2.1.0 [email protected]... Sender ok
    RCPT TO: [email protected]
    250 2.1.5 [email protected]... Recipient ok
    DATA
    354 Enter mail, end with "." on a line by itself
    Look ma, no headers!
    -bye
    .
    250 2.0.0 f2DER2Q04034 Message accepted for delivery
    QUIT
    221 2.0.0 mailserver.mydomain.com closing connection
    Connection closed by foreign host.
    $

The RCPT command is what specifies the recipient. A To: header within the message is not even necessary. If a From: header does not exist, sendmail and others will use the argument to the MAIL command to fill in a From: header.

Here is the resulting message as it appears in the spool file after delivery with all headers included:

    -------------------------
    >From [email protected] Tue Mar 13 09:27:03 2001
    Received: from laptop.mydomain.com (laptop.mydomain.com [10.1.1.10])
            by mailserver.mydomain.com with SMTP id f2DER2Q04034
            for [email protected]; Tue, 13 Mar 2001 09:26:52 -0700 (MST)
    Date: Tue, 13 Mar 2001 09:26:52 -0700 (MST)
    From: [email protected]
    Message-ID: <[email protected]>
    Status: 0

    Look ma, no headers!
    -bye
    -------------------------

All of the headers were added by the SMTP server and To: isn't one of them. I could have supplied my own Date:, From: and Received: headers and made them anything I want in order to obfuscate the real source of the e-mail. Spammers do this.

This is really useful stuff to understand when you go about building protection against spoofing and spamming. Some of your controls need to target the envelope information provided in the SMTP dialog while others need to check for goofiness in the headers. Just remember that when talking about network delivery of mail, it's the envelope and not the headers that determine where the mail gets sent.

-paul
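
The split between envelope controls and header checks described in the message above, as an added example that is not part of the original post: a receiving-side audit that compares the MAIL FROM and RCPT TO arguments with the header block sent after DATA. The function name, finding codes, `first_hop` flag and all sample addresses are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

def _domain(addr):
    return addr.rpartition("@")[2].lower()

def audit(mail_from, rcpt_to, data, first_hop=False):
    """Compare the SMTP envelope with the header block sent after DATA.
    Returns sorted finding codes. They are signals to score, not verdicts:
    Bcc and mailing lists legitimately produce some of these mismatches.
    """
    msg = message_from_string(data)
    findings = set()

    from_hdrs = msg.get_all("From", [])
    if not from_hdrs:
        findings.add("from-missing")  # the server fills it in from MAIL FROM
    elif len(from_hdrs) > 1:
        findings.add("from-multiple")
    elif _domain(parseaddr(from_hdrs[0])[1]) != _domain(mail_from):
        findings.add("from-domain-differs-from-envelope")

    shown = {addr.lower() for _, addr in
             getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    if not shown:
        findings.add("to-cc-missing")
    if any(r.lower() not in shown for r in rcpt_to):
        findings.add("rcpt-not-in-headers")

    # A client submitting directly has no earlier hop, so any Received:
    # header already present was written by the client itself.
    if first_hop and msg.get_all("Received"):
        findings.add("client-supplied-received")
    return sorted(findings)

# Constructed sample inputs (addresses and hosts are placeholders).
NO_HEADERS = "Look ma, no headers!\n-bye\n"
FORGED = ("Received: from relay.bank.example by mx.bank.example; "
          "Tue, 13 Mar 2001 09:00:00 -0700\n"
          "From: Accounts <accounts@bank.example>\n"
          "To: undisclosed@bank.example\n"
          "Subject: statement\n\nbody\n")
CLEAN = ("From: user@laptop.example\nTo: admin@corp.example\n"
         "Subject: hello\n\nbody\n")

if __name__ == "__main__":
    for name, sender, data in (("no headers", "user@laptop.example", NO_HEADERS),
                               ("forged", "bulk@sender.example", FORGED),
                               ("clean", "user@laptop.example", CLEAN)):
        print(name, audit(sender, ["admin@corp.example"], data, first_hop=True))
```

The headerless message from the telnet session is delivered anyway, which is why the audit reports on the header block while routing decisions stay with the envelope.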