How does one forge the headers of an email?

abefroman · 08-13-2005, 11:22 AM

How does one forge the headers of an email?

I dont see anywhere in the exim.conf where the IP is set.

To forge an email header do you actually have to change the packet as its leaving the server?

makuyl · 08-13-2005, 11:30 AM

Now why would you want to forge/spoof the IP?

sundialsvcs · 08-13-2005, 12:06 PM

The sending IP-address is going to be obtained from looking at where a particular connection-request came from. The trouble with e-mail is that any sort of SMTP header can be attached and it will be accepted. If you want to send e-mail from god@heaven.org, it will be accepted.

P.S.: The aforementioned web-site appears to be off-line right now. But I understand that they do accept requests 24/7 by means of mental telepathy...

jtshaw · 08-13-2005, 05:08 PM

I really don't like where this is going. We don't help spammers on this forum.

abefroman · 08-13-2005, 07:47 PM

I am learning computer forensics and in order to know if the headers of an email are forged I must know how to forge them myself. I hate spammers and would nerver spam.

titanium_geek · 08-13-2005, 08:28 PM

as well as seemingly violating the no spam/crack/warez rule, you also seem to be asking for homework help. I'm afraid that, due to high level paranoia (just kidding- we just hate spammers) the members are less likely to help you. Also, though you might never spam, any answers given are in public domain, accessable to any would be spammers.

ask other linux questions here- just not something like this.

blessings on the studies!
titanium_geek

jtshaw · 08-13-2005, 08:40 PM

What titanium_geek says is correct.. regardless of your intentions, we make a point of not publishing stuff like this hear because you never know the intentions of anyone else whom might read it.

At any rate... e-mail headers are far from complex... it's just plain text... nothing special.

As far as combating fake headers... I setup my e-mail server to check the validity of the sending e-mail addresses domain as well as the sending SMTP servers domain (provided during the HELO). If the domains are fake I return an error to the server. In the case of the HELO, if it is a valid domain and I make sure the IP of the SMTP server matches the whois records on the domain... if not, I reject it.

J.W. · 08-14-2005, 12:57 AM

The complicating factor with questions about "how to forge Email headers" is that they are contrary to the LQ Rule that states "Posts containing information about cracking, piracy, warez, fraud or any topic that could be damaging to either LinuxQuestions.org or any third party will be immediately removed." As you can expect, although a question about "how to forge" an Email header may be posted by someone who has a legitimate or academic interest in the research aspects of the question, it should be pretty obvious that spammers falsely could make the same claim, and obviously there is no practical way for LQ to ascertain the true intentions of the OP.

As a result, my view is that these questions just don't belong on LQ. There are plenty of other sites that deal exclusively with security issues, and these questions are better directed there. Personally I'd recommend visiting SecurityFocus -- J.W.

abefroman · 08-14-2005, 09:29 AM

Quote:

Originally posted by jtshaw
I setup my e-mail server to check the validity of the sending e-mail addresses domain as well as the sending SMTP servers domain (provided during the HELO). If the domains are fake I return an error to the server. In the case of the HELO, if it is a valid domain and I make sure the IP of the SMTP server matches the whois records on the domain... if not, I reject it.

How did you do this?

Are you running exim?

Capt_Caveman · 08-14-2005, 01:19 PM

Yeah, I think asking for a step-by-step HOWTO on forging email addresses has crossed the line. The basic concept has already been explained and there are plenty of places with that info that can be found via a google search.

//Thread Closed