[Dshield] little experiment

Brance Amussen :)_S brance at jhu.edu
Thu Mar 3 16:29:33 GMT 2005


Right, now I see the line.. Didn't read the entire thing yesterday.. :) 
Still can't see the purpose..  Even if it made any difference for the
"return-path", which I'd say 99.8% of the time it doesn't as the originating
machines are rarely mail drops as well.. 
Oh well.. 


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Abuse
Sent: Wednesday, March 02, 2005 8:19 PM
To: General DShield Discussion List
Subject: Re: [Dshield] little experiment

** Reply to message from Henry Hertz Hobbit <hhhobbit at comcast.net> on Wed,
02 Mar 2005 11:28:52 -0700

> I am not using nis, nisplus, or db on this machine.  So if you were 
> counting on this tip to work, it is some sort of anomaly that only 
> works with Windows.  I am trying to think if there is some reason it 
> needs to be there from the transport layer network perspective, and 
> don't have an answer right now.  By that I mean, if you have multiple 
> machines on an internal NAT'd subnet all talking to the same external 
> SMTP server, is it needed to avoid collisions?  I would say no, since 
> each connection IS a dedicated TCP connection.  For some reason there 
> is this nagging thought in the back of my mind that the sending IP is 
> required by some RFC for email.

RFC2821 says
"received from" domain name or IP address (from HELO) followed by "("
tcp-info ")"
tcp-info = IP address of connection and domain name from DNS of IP address
of the connection
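
The Received "from" clause quoted above from RFC 2821, as an added example that is not part of the original thread: a small Python parser that separates the HELO name supplied by the client from the tcp-info recorded by the receiving server, and flags when the two disagree. The sample headers are constructed and use documentation addresses; the function name and verdict labels are assumptions.

```python
import re

# "from" clause per the RFC 2821 Received grammar quoted above:
#   from <HELO name or [address]> [ "(" [rDNS name] "[" IP "]" ")" ]
FROM_RE = re.compile(
    r"^from\s+(?P<helo>\[[^\]]+\]|[^\s()]+)"
    r"(?:\s+\((?:(?P<rdns>[^\s()\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\))?"
    r"(?=\s|$)",
    re.IGNORECASE,
)

def parse_from_clause(received):
    """Split a Received value into the HELO claim and the server-recorded tcp-info."""
    value = " ".join(received.split())  # unfold continuation lines
    m = FROM_RE.match(value)
    if m is None:
        return None
    helo, rdns, ip = m.group("helo"), m.group("rdns"), m.group("ip")
    if ip is None:
        verdict = "no-tcp-info"
    else:
        # An address-literal HELO is compared with the connection IP,
        # a domain HELO with the reverse-DNS name the server looked up.
        claimed = helo.strip("[]").lower()
        observed = ip.lower() if helo.startswith("[") else (rdns or "").lower()
        verdict = "consistent" if claimed == observed else "mismatch"
    return {"helo": helo, "rdns": rdns, "ip": ip, "verdict": verdict}

# Constructed sample headers using documentation addresses (not from the thread).
SAMPLES = [
    "from mail.example.org (mail.example.org [192.0.2.10])\n"
    "\tby mx.example.net with ESMTP; Wed, 2 Mar 2005 11:28:52 -0700",
    "from [10.0.0.5] (host5.example.com [198.51.100.7]) by mx.example.net with SMTP",
    "from friendly.example ([203.0.113.9]) by mx.example.net with SMTP",
    "from localhost by mx.example.net with SMTP",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_from_clause(sample))
```

Only the parenthesised tcp-info comes from the receiving server's view of the TCP connection; the name before it is whatever the client sent in HELO.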