Email Spoofing

From: Bill Gates (bgates@microsoft.com)
Date: Thu Sep 25 2003 - 15:34:36 EDT


Just to let everyone know. I have decided to change the Windows
engine from NT (New Technology) to Linux (Debian).

Yours Truly
Bill Gates

-----------------------------------------------------------------------------
As you can see this is a forged email. I am receiving a lot of email SPAM
that appears to be coming from people within our company but I am sure it
is not.
Reviewing the email headers you can see who actually sent it but most ppl
do not review headers of their email.

My concern is someone forging email stating things like "we are going to
lay off 20% of our workforce" or "As CEO I am going to resign as of tomorrow
2 A.M."

How is this able to work? Well I was trying to find out how I was receiving
this SPAM from an internal email address of a user that does not exist. What I
did was turn on debugging on our mail server, sendmail -X/var/log/maildump.log,
then waited for the forged email to come through. When it did, I noticed
what they had done is put a From: and To: line within the DATA portion of the
email and the mail servers actually used this instead of the mail from: and
the rcpt to: lines.

This may well be all within the RFC for sendmail but I don't like it and
I am asking for some insight as to how to prevent this.

The simple relay rules in sendmail do not prevent this type of spoofing.

L8Rz
Swoop
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
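
Added example, not part of the original post: a check that compares the SMTP envelope sender (MAIL FROM) with the From: header carried inside DATA, which is the mismatch the post describes. The session text, addresses and the corp.example local domain are constructed placeholders, and the input is a simplified list of client commands, not the exact format sendmail -X writes.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed SMTP client commands (not a real capture); all addresses
# and domains are placeholders chosen for this example.
SAMPLE_SESSION = """\
MAIL FROM:<bulk@sender.example>
RCPT TO:<staff@corp.example>
DATA
From: "The CEO" <ceo@corp.example>
To: everyone@corp.example
Subject: Announcement

I am going to resign as of tomorrow.
.
"""

ADDR = re.compile(r"^(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.I)

def split_session(text):
    """Return (envelope_from, envelope_rcpts, message_text) for one session."""
    env_from, rcpts, body, in_data = None, [], [], False
    for line in text.splitlines():
        if in_data:
            if line == ".":          # a lone dot ends the DATA phase
                in_data = False
            else:
                body.append(line)
            continue
        m = ADDR.match(line)
        if m and m.group(1).upper() == "MAIL FROM":
            env_from = m.group(2)
        elif m:
            rcpts.append(m.group(2))
        elif line.strip().upper() == "DATA":
            in_data = True
    return env_from, rcpts, "\n".join(body)

def domain(addr):
    return addr.rpartition("@")[2].lower()

def check_session(text, local_domains):
    """Compare the envelope sender with the From: header inside DATA."""
    env_from, _rcpts, raw = split_session(text)
    hdr_from = parseaddr(message_from_string(raw).get("From", ""))[1]
    env_dom, hdr_dom = domain(env_from or ""), domain(hdr_from)
    return {"envelope_from": env_from, "header_from": hdr_from,
            "mismatch": env_dom != hdr_dom,
            "claims_local": hdr_dom in local_domains and env_dom not in local_domains}
```

A plain mismatch also occurs in legitimate mail such as mailing-list traffic, so the claims_local result (a local From: domain with a non-local envelope sender) is the more useful signal for the case in the post.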


