Forging with SMTP

We won’t illustrate the SMTP interaction here. But note that anyone can connect to your local sendmail with telnet(1) on port 25, or run sendmail with the -bs command-line switch, and type an arbitrary envelope, header, and body. Once connected, sendmail must, of necessity, believe everything it receives, because nothing in the SMTP dialog itself can be checked. The only exception is the hostname sent in the HELO or EHLO message.[76] In that case, the sendmail program looks up the real hostname based on the IP address of the connection. If the stated hostname and the real hostname differ, the false name is used as the name of the sending host, with the real name added in parentheses:

250 your.host Hello false.host (real.host), pleased to meet you

Both names are then recorded in the Received: header that sendmail adds: the stated name first, then the real hostname and IP address in parentheses. Every other header (From:, Date:, and so on) is whatever the sender chose to type. The result (the header and body received by the user) might look something like this:

From root@false.host Dec 14 14:36:40 2007
Received: from false.host (real.host [real.IP.address]) by your.host (8.14.1/8.14.1)
        id AA00998; Thu, 14 Dec 2007 14:36:38 −0700
Message-Id: <200712141257.l0NFSKNK016837@yourhost>
From: root@false.host (System Administration)
To: you@your.host
Subject: Change your password now!
Date: Thu, 14 Dec 2007 05:47:46 −0800

To improve security at our location you are requested to immediately
change your password. The password you have been assigned is:

        7Fuzzy1's

Thank you,
        --root

Fortunately, this Received: header contains the name of the real host (which is not always the case). An attentive user can tell that this is a forged message because ...
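One way to automate the attentive user’s check is to parse the Received: header that sendmail added and compare the HELO name it recorded with the real hostname it looked up from the connection, and then compare the From: domain with that real host. The following is an added example written for this page, not code from the book or from sendmail; the message it inspects is a constructed copy of the forged message above (with a documentation IP address substituted for real.IP.address), and the "(real.host [ip])" layout it parses is the one the text describes.

```python
import email
import email.utils
import re

# Constructed sample modelled on the forged message shown above; not a real capture.
FORGED_MESSAGE = """\
Received: from false.host (real.host [192.0.2.10]) by your.host (8.14.1/8.14.1)
        id AA00998; Thu, 14 Dec 2007 14:36:38 -0700
Message-Id: <200712141257.l0NFSKNK016837@yourhost>
From: root@false.host (System Administration)
To: you@your.host
Subject: Change your password now!
Date: Thu, 14 Dec 2007 05:47:46 -0800

To improve security at our location you are requested to immediately
change your password.
"""

# Constructed control message whose HELO name, reverse-lookup name and
# From: domain all agree, so no finding should be raised for it.
HONEST_MESSAGE = """\
Received: from real.host (real.host [192.0.2.10]) by your.host (8.14.1/8.14.1)
        id AA00999; Thu, 14 Dec 2007 15:02:11 -0700
From: root@real.host (System Administration)
To: you@your.host
Subject: Scheduled maintenance

Nothing to do.
"""

# The shape sendmail writes when it knows the peer address:
#   "from <claimed HELO name> (<real name> [<ip>])"
# Anything sendmail appends after the bracket (version, queue id, "may be
# forged" and similar) is irrelevant to the comparison and is not matched.
RECEIVED_RE = re.compile(
    r"from\s+(?P<claimed>\S+)\s+\((?P<real>[^\s\[\]]+)\s*\[(?P<ip>[^\]]+)\]\)",
    re.IGNORECASE,
)


def parse_received(value):
    """Return (claimed, real, ip) from one Received: header value, or None."""
    # Continuation lines are folded with whitespace; normalise before matching.
    m = RECEIVED_RE.search(" ".join(value.split()))
    if not m:
        return None
    return m.group("claimed"), m.group("real"), m.group("ip")


def sender_domain(from_value):
    """Domain part of the address in a From: header, lower-cased ('' if none)."""
    addr = email.utils.parseaddr(from_value)[1]
    return addr.rpartition("@")[2].lower()


def check_forgery(raw):
    """Return a list of human-readable findings; an empty list means no mismatch seen."""
    msg = email.message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    hops = [h for h in hops if h is not None]
    if not hops:
        return ["no Received: header records the connecting host"]

    # Headers are prepended, so the last Received: is the hop nearest the origin:
    # the one added by the sendmail that actually spoke to the forger.
    claimed, real, ip = hops[-1]
    findings = []
    if claimed.lower() != real.lower():
        findings.append(
            f"HELO name {claimed} differs from connecting host {real} [{ip}]"
        )
    dom = sender_domain(msg.get("From", ""))
    if dom and dom != real.lower() and not real.lower().endswith("." + dom):
        findings.append(f"From: domain {dom} does not match connecting host {real}")
    return findings


if __name__ == "__main__":
    for label, raw in (("forged", FORGED_MESSAGE), ("honest", HONEST_MESSAGE)):
        print(label, check_forgery(raw) or ["no mismatch found"])
```

The check only works when the Received: header carries the real name, which, as the text notes, is not always the case; when sendmail could not resolve the peer, or when the message passed through a relay that rewrote the header, the comparison has nothing to work with and the function reports that rather than guessing.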
