Did you know LQ has a Linux Hardware Compatibility List?
Go Back > Forums > Linux Forums > Linux - Server
User Name
Linux - Server This forum is for the discussion of Linux Software used in a server related context.


  Search this Thread
Old 03-28-2007, 05:47 PM   #1
Registered: Nov 2005
Distribution: slamd64, slackware64
Posts: 34

Rep: Reputation: 15
qmail spoofing return-path (from field)


I've configured qmail/vpopmail/courier to work for sending/recieving mails, with smtp authetnification, meaning that every user that would like to send mail thru mail server must use valid username and password.
But I noticed today, that users can manipulate return-path form.

For example if I set return-path in thunderbird as the email will be sent and mail would look like someone relly sent it from intel.

Showed on example under.
My "real-username" at mail server is but as you can see I faked the return-path to something else.

Return-Path: <>
Received: (qmail 5267 invoked from network); 28 Mar 2007 11:56:43 -0000
Received: from somehost.fromuser (HELO usercomp2) (
by with SMTP; 28 Mar 2007 11:56:43 -0000
Message-ID: <000123c76f9d$eh6c9c70$1300a8c0@usercomp2>
From: My Name <>
To: "Admin" <>
References: <001101caaf8e$33f9e200$1700a8c0@usercomp2> <>
Subject: Changing Return-path/from unexisting user
Date: Wed, 28 Mar 2007 13:03:33 +0200

I would like to know is there any possibilty to force return-path and from field to be same as username ( It would be the best if I get some error message when I try to use fake mail address (different from my real username address).

any help


Last edited by j0hnd0e; 09-30-2007 at 06:34 AM.
Old 03-29-2007, 11:11 PM   #2
Senior Member
Registered: Jun 2003
Location: California
Distribution: Slackware
Posts: 1,181

Rep: Reputation: 49
I've never seen a configuration that authenticates based on the From or Reply-to addresses; this is a common avenue for Spammers to send emails "from" domain email addresses. If this could be set, it'd be interesting to see how it scaled (the maintenance time would grow very quickly) when the server starts supply email services for domains, et cetera.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Sendmail re-writing return path hammer65 Linux - Software 1 02-01-2007 11:59 AM
Postfix: why is 'Return-Path' of bounce message empty Chowroc Linux - Networking 1 12-28-2005 04:52 AM
absolute path to qmail in sme 5.6? dopper Linux - Software 0 10-28-2003 02:48 PM
php mail script return path richard22 Linux - Software 1 08-22-2003 05:10 AM
Sendmail return path dj_relentless Linux - General 2 06-07-2002 07:40 AM

All times are GMT -5. The time now is 06:18 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration