On 01/11/2011 03:33 PM, Adam Moffett wrote:
On 01/11/2011 03:24 PM, Jari Fredriksson wrote:
On 11.1.2011 21:24, Mauricio Tavares wrote:
Am I correct? What would stop someone from trying to fake the
originating IP to fit the ones in the above list?
If I am not mistaken, the IP protocol and SMTP. Someone might fake the
address when sending to you MTA, but your MTA's response would go to
wrong address, the fake one. There would be no session and talk between
the hosts to create a SPAM
Right, it's kind of difficult to fake your source IP in a TCP session.
But if I read the manual correctly the whitelist_from_rcvd that he's
asking about does lookups on hosts in the "Received-from: " headers in
the message.....which would be trivial to fake.
Sounds like whitelist_from_rcvd is not particularly useful then.
