[Mimedefang] Accuracy of infected IP in mdlog
Jerome Tytgat
jerome.tytgat at asterion.fr
Mon May 17 08:15:57 EDT 2004
> We can, if we care to code it in Perl.
>
> *I* did not code Received header parsing in MIMEDefang for two reasons:
>
> 1) I don't see the point, and
> 2) Header lines can be faked.
>
> I posted code to parse Received: lines from trusted hosts; that's about
> as far as I would take header parsing. Anything more is dangerous and
> untrustworthy.
And I thank you of that.
I see that point clearly now about faked headers.
I was wondering now, if there's possibility to validate some fields
in the Headers (or to unvalidate them) to alert about faked HELO,
HEADERS, etc.
Is there any possibility to warm about something which looks like faked ?
More information about the MIMEDefang
mailing list