[ot] internal ip address

Glenn Steen glenn.steen at gmail.com
Thu Feb 7 20:52:10 GMT 2008


On 07/02/2008, Matt Kettler <mkettler at evi-inc.com> wrote:
> Glenn Steen wrote:
> >  For the
> > vast majority of organizations, this is a very minor threat, not worth
> > breaking RFC...
>
> Like.. gmail?
:-)

> Received: by wa-out-1112.google.com with SMTP id m16so1283782waf.14
>
> Actually, AFAIK, that doesn't actually violate the RFCs.. you MUST add a
> Received: header, but I don't see anything in 2821/2822/1123 requiring you to
> add a from clause.
Ah, but the "breakage" is in _removing_ a Received line added by
another SMTP server, be that internal or not... Hm, maybe I'm an
idiot, and the original question was just about the Received line
added by the MS gw... Sigh. Just goes to show one shouldn't try to do
more than three things simultaneously (I got my new DB servers today,
or rather the storage and racks... as a surprise "here we are, four
workdays early.... Where should we put them?" kind of thing, on a busy
day...). Sorry, might've been me typing without much afterthought.

> > I'm not saying you're wrong, just that it is ... really minor...
> > compared to a lot of other email-related threats:-)... Yes, you can
> > counter with "your generalization is bigger than mine"... I know I do
> > it too...:-)
> >
> > On the whole, I see very little _real possibility_ of damages from this.
> > It is a leakage, yes.... but negligible in most cases. That's MHO at least:-).
>
> I would agree in most cases it is very minor or negligible. I never said this
> applied to most, or even very many people.
See above, me reading too fast:-).
I tend to react to "security by obscurity" or "the auditor said this
is bad for everyone" kind of arguments, where one hasn't done any form
of risk assessment...  so that was probably what got me going:-).

> My only point was the "if it's unroutable, you can't hack it" argument isn't a
> very complete view of network security.
Quite true. As usual, I find we're in violent agreement (of
sorts:-). I truly value your comments.

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

