jim at ENTROPHY-FREE.NET
Tue Nov 26 21:02:20 GMT 2002
On Tue, 2002-11-26 at 14:35, Julian Field wrote:
> The difference is that the first connection to the MTA can be extracted
> (fairly reliably) from the envelope, without using the headers. All further
> ones have to be read from the headers, and are hence liable to be faked.
> There's a big difference between using the first one and using any of the
> others. Which is why I only consider the first. I don't intend changing that.
I agree that you can't trust anything below the second Received header
in a relay environment. But, you can trust the first two since they were
added by "your MTA's, provided that the immediate upstream MTA is your
relay. As long as you verify that the message was received from one of
your relays I don't see a way for a spammer to fake the second Received
header and so it should be as safe as the envelope MTA's IP.
The instructions said to use Windows 98 or better, so I installed RedHat
Jim Levie email:
jim at entrophy-free.net
More information about the MailScanner