From: Matt Kettler [mailto:[EMAIL PROTECTED] > > Bowie Bailey wrote: > > > Ok, so here is what I see as far as the mail path: > > > > - Sent from 24.249.175.230 ... untrusted > > - Received by 68.99.120.79 ... trusted > > - Received by pulsar.lfa.com ... untrusted (unless SA defaults the > > local machine) > > If pulsar.lfa.com is untrusted, all headers will be untrusted. > > After all, an untrusted box is assumed to be able to forge headers, > thus it could have forged the 68.99.120.79 header. Since you can't > prove it's not forged by pulsar, you can't trust it.
True, of course. I was just reading each IP on it's own. The first header (reading from the top) from an untrusted IP address and all of the headers below it will not be trusted. My only question there was whether SA will implicitly trust the machine it is running on. After all, if you can't trust yourself, who can you trust? :) Bowie
