Maybe all you need is to check PTR records for the MTAs connecting to
you.

-----Original Message-----
From: Matt Kettler [mailto:[EMAIL PROTECTED] 
Sent: 03 June 2005 08:56 PM
To: Rick Macdougall
Cc: Thomas Deaton; users@spamassassin.apache.org
Subject: Re: validating i.p.'s


Rick Macdougall wrote:
> 
> 
> Thomas Deaton wrote:
> 
>> How do I check that an incoming email has a valid i.p.?
>>  
>> thanks
> 
> 
> Hi,
> 
> If it's not a valid IP then how does it get to your server ?



TCP blind spoofing attack? This is not exactly a workable option for
most attackers in trying to deliver mail unless your mailserver runs a
very badly written TCP stack that has highly predictable ISNs. Even
semi-predictable ones like Windows 95 aren't easy to do a blind spoofing
attack against if you want to fake a whole session, but it's quite
possible against something like AIX 4.3.

I guess Thomas needs to make it more clear what IP address he's looking
to validate.

The IP of the host dropping it off to your MTA obviously must be valid,
otherwise there would be no return route and the TCP connection would
never open in the first place. (unless someone did a blind spoofing
attack, which as said above, isn't easy in most cases)
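
The PTR check suggested at the top of this message, sketched as an added example that is not part of the original thread: a forward-confirmed reverse DNS test for the connecting MTA's address, since a PTR record alone is set by whoever controls the reverse zone. The function names, verdict strings and sample records are assumptions made for this illustration; the addresses are constructed from documentation ranges.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR lookup via the system resolver; returns a list of hostnames."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]


def system_forward(name):
    """A/AAAA lookup via the system resolver; returns address strings."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return []
    return [info[4][0] for info in infos]


def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Return (verdict, names); verdict is 'pass', 'no-ptr' or 'mismatch'."""
    client = ipaddress.ip_address(ip)  # ValueError on a malformed address
    names = [n.rstrip(".").lower() for n in ptr_lookup(str(client))]
    if not names:
        return "no-ptr", []
    confirmed = []
    for name in names:
        for addr in forward_lookup(name):
            try:
                # Strip any IPv6 zone id before comparing parsed addresses.
                if ipaddress.ip_address(addr.split("%")[0]) == client:
                    confirmed.append(name)
                    break
            except ValueError:
                continue
    return ("pass", confirmed) if confirmed else ("mismatch", names)


# Constructed sample records standing in for DNS, so the check runs offline.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.org."],
              "198.51.100.7": ["mx.example.net"]}
SAMPLE_A = {"mail.example.org": ["192.0.2.10"],
            "mx.example.net": ["203.0.113.99"]}


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_forward(name):
    return SAMPLE_A.get(name, [])
```

Called as `fcrdns(peer_ip)` it uses the system resolver; the sample lookups show the three outcomes without network access.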







