[Mimedefang] Accuracy of infected IP in mdlog

Paul Murphy pmurphy at ionixpharma.com
Fri May 14 09:03:44 EDT 2004


Jerome,

> how do you know about the originating IP address so ??
> 
> I understand that it's surely possible to add received lines
> to make believe the sender is someone else, but there's surely
> a way to analyze the sanity of received lines, this may be a 
> good thing.
> 
> what about making us the choice of choosing what we want to believe ?
> using the last received as the good one is not the best at all.
> 
> I prefer seeing "xx.yy.zz.cc" is infected rather than 127.0.0.1...
> but that's my point of course

The SMTP protocol does not generally support authentication of senders.  If you
want to be sure that you know exactly who is mailing you, use S/MIME or PGP and
enforce a rule that only known addresses in combination with known encryption
keys can be used to mail you.

In summary, TCP packets can be forged, TCP connections can be spoofed and/or
intercepted, SMTP sender addresses can be spoofed, Sendmail "received" headers
can be spoofed, and remote systems can be taken over by malicious software or
people.  SMTP relays can be used to disguise the source of messages, or can be
used to generate fake messages.  Web applications can be abused to generate fake
messages.  Viruses can generate just about all of these.

In other words, as we've all been trying to tell you:

A.  Notifying the supposed sender of a virus is a waste of time
B.  Wanting to do so does not magically make it possible
C.  Trying to force the software to do extra work to pick a possible sender on
the off-chance that you are mad enough to believe it is a waste of time

Sorry if that sounds harsh, but that's life.  IPv6, universal public key
cryptography and fully-traceable connections have been the target of IT research
and proposals for the last 10 years or so, and we're not really any nearer to
seeing it happen.  At some point it will happen, but I recommend you don't hold
your breath.

Best Wishes,

Paul.
__________________________________________________
Paul Murphy
Head of Informatics
Ionix Pharmaceuticals Ltd
418 Science Park, Cambridge, CB4 0PA

Tel. 01223 433741
Fax. 01223 433788
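
Added example (not part of the original message, and not MIMEDefang code): one conservative way to read Received lines given the spoofing described above is to believe a line only when the host that handed the message over is one of your own relays. The trusted ranges, function names and sample message are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Assumption: address ranges of relays we operate ourselves.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.0.2.0/24")]
# Sendmail-style "from helo (rdns [ip])": the bracketed IP is what the stamping MTA saw.
PEER_IP = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Constructed sample (documentation addresses only). The second Received line
# arrived from an outside host, so it is sender-supplied and may be forged.
SAMPLE = (
    "Received: from mail.example.org (mail.example.org [198.51.100.7])\n"
    "\tby mx.example.net; Fri, 14 May 2004 09:00:00 -0400\n"
    "Received: from innocent.example.com (innocent.example.com [203.0.113.99])\n"
    "\tby mail.example.org; Fri, 14 May 2004 08:59:00 -0400\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def is_trusted(ip):
    return any(ip in net for net in TRUSTED_NETS)

def last_verifiable_peer(raw_message, connecting_ip):
    """Return (ip, hops_believed) for the first peer outside our own relays.

    connecting_ip is the TCP peer of the MTA running the filter. A Received
    line is believed only while the host that handed us the message is ours;
    everything below that point is treated as untrusted input.
    """
    peer = ipaddress.ip_address(connecting_ip)
    hops = 0
    for line in message_from_string(raw_message).get_all("Received", []):
        if not is_trusted(peer):
            break  # this line came from an outside host: stop believing
        match = PEER_IP.search(line)
        if match is None:
            return None, hops  # our relay recorded no peer address
        try:
            peer = ipaddress.ip_address(match.group(1))
        except ValueError:
            return None, hops  # bracketed text was not an IP address
        hops += 1
    # A trusted peer at the end means the mail originated inside our own relays.
    return (None if is_trusted(peer) else str(peer)), hops
```

The result is the last hop recorded by a relay you control, not the identity of the sender: that host can still be an abused relay or a compromised machine.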


