[Dshield] Unidentifiable e-mail

Josh Tolley josh at raintreeinc.com
Tue Jan 27 16:40:46 GMT 2004

It doesn't need a To line... The virus connects to a mail server, gives 
it MAIL FROM and RCPT TO commands, and then gives it the text of the 
email with whatever headers it wants, which the mail server entirely 
ignores. Most email servers that I've messed with (not many) won't 
modify those headers, or do anything at all with them. If you're writing 
a Perl script or something to send email using sendmail or an 
equivalent, the message you write goes through an SMTP client, which 
often *does* look at the headers to know where to go. But once the 
message gets to an SMTP server, anything apart from the Received header 
is largely irrelevant.


Kenneth Coney wrote:

> ?  No header at all?  How?  How does it get delivered (or even move) 
> without a to: line?  Where do they go?
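
The envelope/header split described in the reply above, as an added example that is not part of the original thread: a small Python parser that pulls the MAIL FROM / RCPT TO envelope out of an SMTP session and compares it with the headers inside DATA, which is the comparison a mail filter or analyst would make. The transcript, addresses and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed client-side SMTP transcript (sample data, not from the thread).
# The DATA section deliberately carries no To: header.
SAMPLE_SESSION = """\
HELO client.example
MAIL FROM:<sender@example.org>
RCPT TO:<alice@example.net>
RCPT TO:<bob@example.net>
DATA
From: "Someone Else" <other@example.com>
Subject: hello

body text
.
QUIT
"""

def split_envelope_and_headers(session):
    """Return (envelope_from, envelope_rcpts, parsed_message)."""
    env_from, env_rcpts, data_lines, in_data = None, [], [], False
    for line in session.splitlines():
        if in_data:
            if line == ".":  # a lone dot ends the DATA section
                in_data = False
            else:            # undo SMTP dot-stuffing on message lines
                data_lines.append(line[1:] if line.startswith(".") else line)
        elif m := re.match(r"MAIL FROM:\s*<([^>]*)>", line, re.I):
            env_from = m.group(1)
        elif m := re.match(r"RCPT TO:\s*<([^>]*)>", line, re.I):
            env_rcpts.append(m.group(1))
        elif line.strip().upper() == "DATA":
            in_data = True
    return env_from, env_rcpts, message_from_string("\n".join(data_lines))

def envelope_header_report(session):
    """Compare what the server routes on (envelope) with what the reader sees (headers)."""
    env_from, env_rcpts, msg = split_envelope_and_headers(session)
    hdr_rcpts = {a.lower() for _, a in
                 getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))}
    hdr_from = {a.lower() for _, a in getaddresses(msg.get_all("From", []))}
    return {
        "envelope_from": env_from,
        "envelope_rcpts": env_rcpts,
        "has_to_header": msg["To"] is not None,
        "rcpts_not_in_headers": [r for r in env_rcpts if r.lower() not in hdr_rcpts],
        "from_mismatch": (env_from or "").lower() not in hdr_from,
    }
```

Calling `envelope_header_report(SAMPLE_SESSION)` shows both recipients being delivered to even though neither appears in any header, which is why header-only inspection cannot say where a message actually went.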

