On 04/18/2018 05:49 PM, Al Iverson wrote:
> If you're downloading all your O365 mail and pulling the IP out of that header, then it's always going to be in the same format and dealing with it is trivial. Beyond that, when would it be safe to trust this received header, anyway? Unless it's the most recent one, could it not be faked?
Yes, it's possible to fake the Received (and other) headers. I have used the basic algorithm of "Do I trust the server that I got the message from enough to trust the Received: header that it added?" and iterate through each previous server and apply the same question.
> In the past I've had to deal with DNSBL listings based on faked received headers -- IMHO, it's not safe to parse IPs beyond connections that you yourself have verified.
I've found this to be reasonably successful and safe for two or three servers, depending on the email infrastructure. I don't need to verify the source IP of a TCP connection as reported by my outsourced spam scrubbing service. I trust them. (At least enough in this context.)
-- 
Grant. . . .
unix || die
_______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
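
The hop-by-hop trust walk described in the reply above, as an added example (not code from either poster). It assumes Postfix-style Received: headers and a hypothetical list of trusted relay networks; the function name, addresses and sample message are constructed for illustration.

```python
import email
import ipaddress
import re

# Assumption: relays whose Received: headers we believe (documentation ranges).
TRUSTED_RELAYS = [
    ipaddress.ip_network("192.0.2.0/24"),      # hypothetical spam scrubbing service
    ipaddress.ip_network("198.51.100.10/32"),  # hypothetical internal relay
]

# Assumption: Postfix-style "from HELO (rdns [ip])". The bracketed IP is the peer
# address recorded by the receiving server; the HELO name is client-supplied.
PEER = re.compile(r"from \S+ \(\S+ \[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)")


def last_verified_source(raw_message):
    """Walk Received: headers newest-first and return the last peer IP that a
    trusted server vouched for, or None if the top header cannot be parsed."""
    msg = email.message_from_string(raw_message)
    source = None
    for header in msg.get_all("Received", []):
        m = PEER.match(" ".join(header.split()))  # unfold continuation lines
        if m is None:
            break  # unknown layout: stop rather than guess
        try:
            peer = ipaddress.ip_address(m.group(1))
        except ValueError:
            break
        source = peer  # this header was written by a server we trust
        if not any(peer in net for net in TRUSTED_RELAYS):
            break  # peer is not a trusted relay, so older headers are unverified
    return source


# Constructed sample: our MX <- scrubbing service <- sender, followed by an older
# header that the sender (or anything before it) could have forged.
SAMPLE = (
    "Received: from scrub1.filter.example (scrub1.filter.example [192.0.2.25])\n"
    "\tby mx.mydomain.example (Postfix) with ESMTPS id 4A1B2C;\n"
    "\tWed, 18 Apr 2018 17:00:03 -0600\n"
    "Received: from mail.sender.example (mail.sender.example [203.0.113.77])\n"
    "\tby scrub1.filter.example (Postfix) with ESMTPS id 7D8E9F;\n"
    "\tWed, 18 Apr 2018 17:00:01 -0600\n"
    "Received: from desktop (desktop [10.9.8.7])\n"
    "\tby mail.sender.example (Postfix) with ESMTP id 123ABC;\n"
    "\tWed, 18 Apr 2018 16:59:58 -0600\n"
    "Subject: constructed test message\n\nbody\n"
)

if __name__ == "__main__":
    print(last_verified_source(SAMPLE))
```

The walk stops at 203.0.113.77, the address recorded by the scrubbing service, and never reads the 10.9.8.7 header behind it.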