LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Closed Thread
  Search this Thread
Old 08-13-2005, 11:22 AM   #1
abefroman
Senior Member
 
Registered: Feb 2004
Location: lost+found
Distribution: CentOS
Posts: 1,430

Rep: Reputation: 55
How does one forge the headers of an email?


How does one forge the headers of an email?

I dont see anywhere in the exim.conf where the IP is set.

To forge an email header do you actually have to change the packet as its leaving the server?
 
Old 08-13-2005, 11:30 AM   #2
makuyl
Senior Member
 
Registered: Dec 2004
Location: Helsinki
Distribution: Debian Sid
Posts: 1,107

Rep: Reputation: 54
Now why would you want to forge/spoof the IP?
 
Old 08-13-2005, 12:06 PM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,755
Blog Entries: 4

Rep: Reputation: 3966Reputation: 3966Reputation: 3966Reputation: 3966Reputation: 3966Reputation: 3966Reputation: 3966Reputation: 3966Reputation: 3966Reputation: 3966Reputation: 3966
The sending IP-address is going to be obtained from looking at where a particular connection-request came from. The trouble with e-mail is that any sort of SMTP header can be attached and it will be accepted. If you want to send e-mail from god@heaven.org, it will be accepted.

P.S.: The aforementioned web-site appears to be off-line right now. But I understand that they do accept requests 24/7 by means of mental telepathy...
 
Old 08-13-2005, 05:08 PM   #4
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 67
I really don't like where this is going. We don't help spammers on this forum.
 
Old 08-13-2005, 07:47 PM   #5
abefroman
Senior Member
 
Registered: Feb 2004
Location: lost+found
Distribution: CentOS
Posts: 1,430

Original Poster
Rep: Reputation: 55
I am learning computer forensics and in order to know if the headers of an email are forged I must know how to forge them myself. I hate spammers and would nerver spam.
 
Old 08-13-2005, 08:28 PM   #6
titanium_geek
Senior Member
 
Registered: May 2002
Location: Horsham Australia
Distribution: elementary os 5.1
Posts: 2,479

Rep: Reputation: 50
as well as seemingly violating the no spam/crack/warez rule, you also seem to be asking for homework help. I'm afraid that, due to high level paranoia (just kidding- we just hate spammers) the members are less likely to help you. Also, though you might never spam, any answers given are in public domain, accessable to any would be spammers.

ask other linux questions here- just not something like this.

blessings on the studies!
titanium_geek
 
Old 08-13-2005, 08:40 PM   #7
jtshaw
Senior Member
 
Registered: Nov 2000
Location: Seattle, WA USA
Distribution: Ubuntu @ Home, RHEL @ Work
Posts: 3,892
Blog Entries: 1

Rep: Reputation: 67
What titanium_geek says is correct.. regardless of your intentions, we make a point of not publishing stuff like this hear because you never know the intentions of anyone else whom might read it.

At any rate... e-mail headers are far from complex... it's just plain text... nothing special.

As far as combating fake headers... I setup my e-mail server to check the validity of the sending e-mail addresses domain as well as the sending SMTP servers domain (provided during the HELO). If the domains are fake I return an error to the server. In the case of the HELO, if it is a valid domain and I make sure the IP of the SMTP server matches the whois records on the domain... if not, I reject it.
 
Old 08-14-2005, 12:57 AM   #8
J.W.
LQ Veteran
 
Registered: Mar 2003
Location: Boise, ID
Distribution: Mint
Posts: 6,642

Rep: Reputation: 87
The complicating factor with questions about "how to forge Email headers" is that they are contrary to the LQ Rule that states "Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed." As you can expect, although a question about "how to forge" an Email header may be posted by someone who has a legitimate or academic interest in the research aspects of the question, it should be pretty obvious that spammers falsely could make the same claim, and obviously there is no practical way for LQ to ascertain the true intentions of the OP.

As a result, my view is that these questions just don't belong on LQ. There are plenty of other sites that deal exclusively with security issues, and these questions are better directed there. Personally I'd recommend visiting SecurityFocus -- J.W.
 
Old 08-14-2005, 09:29 AM   #9
abefroman
Senior Member
 
Registered: Feb 2004
Location: lost+found
Distribution: CentOS
Posts: 1,430

Original Poster
Rep: Reputation: 55
Quote:
Originally posted by jtshaw
I setup my e-mail server to check the validity of the sending e-mail addresses domain as well as the sending SMTP servers domain (provided during the HELO). If the domains are fake I return an error to the server. In the case of the HELO, if it is a valid domain and I make sure the IP of the SMTP server matches the whois records on the domain... if not, I reject it.
How did you do this?

Are you running exim?
 
Old 08-14-2005, 01:19 PM   #10
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 69
Yeah, I think asking for a step-by-step HOWTO on forging email addresses has crossed the line. The basic concept has already been explained and there are plenty of places with that info that can be found via a google search.

//Thread Closed
 
  


Closed Thread


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Sending email in PHP, what headers should I use? abefroman Programming 2 10-12-2005 02:49 AM
email headers ziegen Linux - Security 1 08-24-2005 06:11 PM
Forge email address vittibaby Linux - Security 1 11-19-2003 06:21 PM
warning in email headers? GraemeK Linux - Networking 12 10-05-2003 03:56 PM
email headers.... magyartoth Linux - Security 2 05-01-2002 01:52 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:31 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration