[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Curious response

To: suse-security@xxxxxxxx
Subject: Re: [suse-security] Curious response
From: Keith Roberts <keith@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Sat, 13 Dec 2003 18:42:30 +0000 (GMT)
Delivered-to: mailing list suse-security@xxxxxxxx
Delivery-date: Sat, 13 Dec 2003 19:43:06 +0100
Envelope-to: suse@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
List-help: <mailto:suse-security-help@suse.com>
List-post: <mailto:suse-security@suse.com>
List-subscribe: <mailto:suse-security-subscribe@suse.com>
List-unsubscribe: <mailto:suse-security-unsubscribe-suse=archive.cert.uni-stuttgart.de@suse.com>
Mailing-list: contact suse-security-help@xxxxxxxx; run by ezmlm

Thanks for the explaination Sven.

I have tried altering my from address in Pine 4.44, under
SuSE 8.1 pro.

When I try to send the mail to suse-security@xxxxxxxx with a
dummy from address in the header from, Pine gives me the
following error message:

Mail not sent: <keith@xxxxxxxxxxxxxxxx>

Sender address rejected:

Domain not found.

This may be pine checking the header from, not
suse-security@xxxxxxxxx


So I change this header from address in Pine to:

<keith@xxxxxxxxxxxxxxxxxx>

With that address, it gets past pine, but hasn't made it to
this list yet!  (It may bounce back soon!)

Have you got an http:// address for the mailing-list FAQ
please?

Kind Regards - Keith



On Sat, 13 Dec 2003, Sven Wahl wrote:

> To: suse-security@xxxxxxxx
> From: Sven Wahl <x1svewah@xxxxxxxxxxx>
> Subject: Re: [suse-security] Curious response

snip

> A2.  The header from is probably what you think of as the "from";
>      e.g.
>         From: foo@xxxxxxx
>      It is contained in DATA portion of the mail (that's the part
>      of the mail that you, as a user, write).  The envelope from
>      is written by your mail transport agent, or MTA.  That's the
>      thing that your mail client hands the message you just wrote
>      off to to have it delivered.  An envelope is generally
>      represented as this in the traditional mbox format:
>         From foo@xxxxxxx Fri Mar  1 12:59:36 2002
>      If you use maildirs or some other mailbox format you probably
>      won't have that. Most MTAs copy the envelope from to the
>      Return-Path header so you can also get it from that.
>      This is who your MTA, in the words of RFC 822bis, says "the
>      author(s) of the message, that is, the mailbox(es) of the
>      person(s) or system(s) responsible for the writing of the
>      message.''
>      The mailing list software we use (ezmlm+idx) takes the envelope
>      from as the address to subscribe when you email
>      LISTNAME-subscribe@xxxxxxxxx  Other mailing list software might
>      use the header from.
>

>      There are lots of good technical reasons why the envelope from
>      is used (which you can read all about at the author's site:
>      http://cr.yp.to/immhf.html) but a big benefit for you is that
>      since the envelope from isn't displayed in list postings and
>      the header from is ignored you can set your header from to be
>      whatever you want.  This means that you can use your main email
>      address for the list and, if you munge the address, you won't
>      need to worry about it being harvested by an an evil spammer.
>      In other words, you are encouraged rot13, reverse, encrypt,
>      or do whatever to your header from (*except* leave it
>      unqualified) and it won't affect your subscription at all.




-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here

Follow-Ups:
- Re: [suse-security] Curious response
  - From: Sven Wahl

Prev by Date: Re: [suse-security] Curious response
Next by Date: Re: [suse-security] Curious response
Previous by thread: Re: [suse-security] Curious response
Next by thread: Re: [suse-security] Curious response
Index(es):
- Date
- Thread