[imp] RFC 822 - Security hole???

Michael M Slusarz slusarz at bigworm.colorado.edu
Fri Jan 10 17:45:07 PST 2003


Quoting G G Papazoglou <grp at med.uoc.gr>:

| Hi. I use IMP with a mail server on a different machine.
| I have sent a mail using a dial-up connection. So, when I examined the
| RFC-822 header generated, I was surprised to see that the whole course
| of the message is recorded! It shows the initial IP of the dial-up
| connection (which of course could be a static IP), then the IP of the
| mail server, and then the IP of the server hosting IMP...This is
| really unwanted behavior. Can I prevent this from happening?
| 
| See what exactly this header is:
| 
| X-Apparently-To: recipient at yahoo.com via 66.218.78.20; 04 Jan 2003
| 15:52:39 -0800 (PST)
| Return-Path: <sender at mydomain.com>
| Received: from 1.2.3.4 (EHLO mail.mydomain.com) (1.2.3.4) by
| mta157.mail.scd.yahoo.com with SMTP; 04 Jan 2003 15:52:38 -0800 (PST)
| Received: from localhost (webmail.mydomain.com [5.6.7.8]) by
| mail.mydomain.com (8.12.7/8.12.7) with ESMTP id h056qYZ7011789; Sun, 5
| Jan 2003 01:52:34 -0500 (EST)
| Received: from 9.10.11.12 ( [9.10.11.12]) as user sender at 1.2.3.4 by
| webmail at mydomain.com with HTTP; Sun, 5 Jan 2003 01:54:53 +0200
| Message-ID: <1041724493.3e17744ddb43d at webmail.mydomain.com>
| Ημερομηνία: Sun, 5 Jan 2003 01:54:53 +0200
| Από: "Sender name" <sender at mydomain.com>
| Προς : recipient at yahoo.com
| Θέμα: test
| MIME-Version: 1.0
| Content-Type: text/plain; charset=ISO-8859-7
| Content-Transfer-Encoding: 8bit
| User-Agent: Internet Messaging Program (IMP) 3.1
| X-Originating-IP: 9.10.11.12
| X-MailScanner: Found to be clean
| Content-Length: 148

Edit imp/lib/Headers.php and add/subtract any headers you want.  Be 
forewarned that this is NOT correct RFC behavior, and is a typical check by 
some spam checkers to mark a message as spam.

If you want to protect your computer, hiding these Received: headers in 
mail messages isn't going to do very much at all - it is much more 
important to make sure the computer you are on is what is secure.  You can 
hide your Received headers all you want, but that is not the security hole -
the sending computer is.  The better solution is to install a firewall (or 
something equivalent) if you want maximum security.

michael

______________________________________________
Michael Slusarz [slusarz at bigworm.colorado.edu]
The University of Colorado at Boulder
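
An added example, not part of the original post and not IMP code: a small audit that walks the Received: chain quoted above oldest-first and lists every header that exposes the sender's own address. The function names are hypothetical, and treating "with HTTP" as the webmail hop is an assumption taken from the header shown in this thread.

```python
import re
from email import message_from_string

# Constructed sample: trace headers from the quoted message above, with
# continuation lines re-indented so they parse as folded headers.
SAMPLE = """\
Received: from 1.2.3.4 (EHLO mail.mydomain.com) (1.2.3.4) by
 mta157.mail.scd.yahoo.com with SMTP; 04 Jan 2003 15:52:38 -0800 (PST)
Received: from localhost (webmail.mydomain.com [5.6.7.8]) by
 mail.mydomain.com (8.12.7/8.12.7) with ESMTP id h056qYZ7011789; Sun, 5
 Jan 2003 01:52:34 -0500 (EST)
Received: from 9.10.11.12 ( [9.10.11.12]) as user sender at 1.2.3.4 by
 webmail at mydomain.com with HTTP; Sun, 5 Jan 2003 01:54:53 +0200
User-Agent: Internet Messaging Program (IMP) 3.1
X-Originating-IP: 9.10.11.12

test
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOP = re.compile(r"^from\s+(.*?)\s+by\s+(.+?)\s+with\s+([A-Za-z]+)")


def trace(raw):
    """Return the Received hops oldest-first as dicts (from_ip, by, via)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.match(" ".join(value.split()))  # unfold the header
        if not m:
            continue  # free-form Received line this sketch does not model
        ip = IPV4.search(m.group(1))
        hops.append({"from_ip": ip.group(0) if ip else None,
                     "by": m.group(2), "via": m.group(3).upper()})
    return hops[::-1]  # each relay prepends, so the last header is the first hop


def client_ip_disclosures(raw):
    """List (header, ip) pairs that expose the end user's own address."""
    found = [("Received", h["from_ip"]) for h in trace(raw)
             if h["via"] == "HTTP" and h["from_ip"]]  # assumed webmail marker
    for value in message_from_string(raw).get_all("X-Originating-IP", []):
        ip = IPV4.search(value)
        if ip:
            found.append(("X-Originating-IP", ip.group(0)))
    return found


if __name__ == "__main__":
    for hop in trace(SAMPLE):
        print(hop)
    print(client_ip_disclosures(SAMPLE))
```

Run against a test message sent through your own webmail, this shows that the client address appears in two places, so removing only the Received: line would still leave X-Originating-IP in the message.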

