[Mimedefang] MessageID anti-impersonation function for sub filter()

Troy Carpenter troy at carpenter.cx
Wed May 26 13:55:27 EDT 2004


I have to agree here.  I went back and checked a number of email lists
that I subscribe to.  ALL messages I sent to the list arrived back at my
mail server with the original message ID that my system gave the
message.

So, I have other mail servers, namely list mail servers, that send me
messages with my system name in the message ID.  AND, those message IDs
are from my internal email system (an Exchange server)...they were NOT
rewritten by my gateway email server on their way out (Sendmail server).

I can only assume that since my servers don't rewrite the message ID
when they relay messages, then mailing list servers, which are
specialized email relays, don't rewrite that message ID either.

Go a step further and look at the message ID from ANY email that comes
from a mailing list, and you will see the message ID contains the domain
of the original sender. 

Troy Carpenter
troy at carpenter.cx

-----Original Message-----
Date: Wed, 26 May 2004 11:45:58 -0400
From: Joseph Brennan <brennan at columbia.edu>
Subject: RE: [Mimedefang] MessageID anti-impersonation function for
	sub filter()
To: mimedefang at lists.roaringpenguin.com
Message-ID: <2147483647.1085571958 at alpha.cc.columbia.edu>
Content-Type: text/plain; charset=us-ascii; format=flowed

Some data.

[snip]

msgid=<CLEIKBNIBILDPGGNFBBKMEEGCHAA.xx427 at columbia.edu>

This comes from Yahoo Groups.  The sender was xx427 at columbia.edu
(actually not xx but two other letters!).  This looks legit.  I see some
others.  This seems to be how Yahoo Groups constructs message ids.


[snip]

msgid=<05/26/2004|xxx36 at columbia.edu|14627>

Good grief.  The recipient is xxx36 at columbia.edu.  Probably legit.
Sending host in morningstar.com.



msgid=<AD28736B-AF25-11D8-B98E-000393758614 at columbia.edu>

From a Verizon mail server.  Sender address is xx at columbia.edu and it
appears to be one of our users sending mail from an ISP.  Some clients
construct the Message-ID using the default domain name.  This is an
important example but I have to admit it is the only one I can find in
this syslog file, so it appears to be unusual.

Joseph Brennan
Academic Technologies Group, Academic Information Systems (AcIS)
Columbia University in the City of New York
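
Added example, not part of either post above and not MIMEDefang code: a log-only audit that counts how often a rule of the form "reject outside mail whose Message-ID carries our domain" would fire, run before any such rule is enforced. The rule's exact form, the domain example.edu, the relay list and the sendmail-style log lines are assumptions constructed for illustration; the three Message-ID shapes mirror the ones discussed in the thread.

```python
import re

LOCAL_DOMAIN = "example.edu"          # assumption: the domain being protected
LOCAL_RELAYS = ("mail.example.edu",)  # assumption: our own outbound hosts

# Constructed sendmail-style log lines (not taken from the posts).
SAMPLE_LOG = """\
May 26 11:00:01 mx sendmail[101]: i4QF01: from=<owner@lists.example.org>, msgid=<CLEIKBNIBILDPGGNFBBKMEEGCHAA.ab123@example.edu>, relay=n5.lists.example.org [192.0.2.10]
May 26 11:00:02 mx sendmail[102]: i4QF02: from=<news@vendor.example.com>, msgid=<05/26/2004|abc36@example.edu|14627>, relay=out.vendor.example.com [192.0.2.20]
May 26 11:00:03 mx sendmail[103]: i4QF03: from=<ab@example.edu>, msgid=<AD28736B-AF25-11D8-B98E-000393758614@example.edu>, relay=smtp.isp.example.net [192.0.2.30]
May 26 11:00:04 mx sendmail[104]: i4QF04: from=<ab@example.edu>, msgid=<200405261500.i4QF00aa@mail.example.edu>, relay=mail.example.edu [192.0.2.40]
May 26 11:00:05 mx sendmail[105]: i4QF05: from=<x@other.example.org>, msgid=<1234@other.example.org>, relay=mx.other.example.org [192.0.2.50]
"""

LINE_RE = re.compile(r"msgid=<(?P<msgid>[^>]*)>.*?relay=(?P<relay>\S+)")


def msgid_domains(msgid):
    """Every domain that follows an '@' in the Message-ID, lower-cased.

    Scanning for all '@' occurrences also covers IDs such as
    <date|user@domain|number>, where the domain is not at the end.
    """
    return [d.lower() for d in re.findall(r"@([A-Za-z0-9.-]+)", msgid)]


def claims_local(msgid):
    """True if any domain in the Message-ID is ours or a subdomain of ours."""
    return any(d == LOCAL_DOMAIN or d.endswith("." + LOCAL_DOMAIN)
               for d in msgid_domains(msgid))


def audit(log_text):
    """Return (msgid, relay) pairs the naive rule would have rejected."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and claims_local(m["msgid"]) and m["relay"].lower() not in LOCAL_RELAYS:
            hits.append((m["msgid"], m["relay"]))
    return hits


if __name__ == "__main__":
    for msgid, relay in audit(SAMPLE_LOG):
        print(f"would reject: relay={relay} msgid=<{msgid}>")
```

On the constructed sample the rule fires on the list relay, the bulk sender and the ISP relay, the same three situations reported in the thread.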




