I demand that Adam McKenna may or may not have written... > On Wed, Dec 04, 2002 at 09:47:05AM +1100, Brian May wrote: >> On Tue, Dec 03, 2002 at 11:09:02AM +0100, Gerrit Pape wrote: >>> Autoresponders, bouncers, and other mail handling programs use the >>> envelope sender address, not an address found in any header of the mail. >>> I doubt that any abuse@ address replies to a bounce message. This is no >>> problem. >> You seem to imply that the envelope sender address is harder to forge? >> Yet my experience has been that I can telnet to port 25 on any mail >> server, and give it any envelope sender I want. >> Are there suppost to be some sort of checks placed on this address?
Yes. Try giving a remote (from the server's POV) address after RCPT TO and see if you still don't have a problem. Or try giving the server a local (to it) address after MAIL FROM: the server should complain unless you're on a network which it considers to be local. If it accepts *any* address after MAIL FROM *and* after RCPT TO regardless of where you're connecting from, then I'm sure that there's a spammer who'll be interested in hearing from you ;-) > He's talking about the envelope sender address on the confirmation > messages, which is empty (<>), the same as for bounce messages. That doesn't matter (much) wrt address/location checks... -- | Darren Salt | nr. Ashington, | linux (or ds) at | Linux PC, Risc PC | Northumberland | youmustbejoking | No Wodniws here | Toon Army | demon co uk | Running woody on the other machine. You will be held hostage by a radical group.
