[Dshield] little experiment

Abuse abuse at what4now.com
Sun Mar 6 18:42:13 GMT 2005


** Reply to message from Henry Hertz Hobbit <hhhobbit at comcast.net> on Sat, 05
Mar 2005 09:13:16 -0700

> I have searched the RFCs, and you are probably correct.  What they want
> that IP address for, is just to know where the message is coming from. 
> If it is your WAN address instead of the internal LAN address you are
> just fine.  They just don't want you pretending to be somebody you
> aren't.

What you need is an email client that can be configured to work the way you
want it to.  The RFC states that the HELO/EHLO data can be either the domain
name or an IP address, so if you cannot configure your email client to use the
domain name you should complain to them.  The data in the HELO/EHLO is easily
forged and was put in the original spec when the internet was a more trusting
place.  RFC2821 adds the "tcp-info" data that cannot be forged, so most people
ignore the HELO/EHLO data.

In the receive line of your message

Received: from [172.17.28.36]
(c-67-161-217-44.client.comcast.net[67.161.217.44]) by comcast.net

you should be able to tell your email client to use "comcast.net" instead of an
IP, or "c-67-161-217-44.client.comcast.net" if you want to be exact.  The data
between the parentheses is inserted by the email server that receives the
message and you cannot forge that.  That is the data I look at whenever I want
to know where the email came from, not the HELO/EHLO data (which can be easily
forged).
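
The Received line quoted in the message above, split into the client-supplied HELO/EHLO argument and the connection data recorded by the receiving server. This is an added example, not part of the original post; the regular expression assumes the layout of that one header, and `parse_received` and its field names are hypothetical.

```python
import ipaddress
import re

# Layout assumed from the header quoted in the message:
#   from <HELO argument> (<reverse DNS>[<peer IP>]) by <receiving host>
# Other mail servers format the parenthesised part differently.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s*"
    r"\(\s*(?P<rdns>[^\s\[\]()]*)\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\s*\)\s*"
    r"by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

# The header from the message, including its folded second line.
SAMPLE = ("Received: from [172.17.28.36]\n"
          "(c-67-161-217-44.client.comcast.net[67.161.217.44]) by comcast.net")

def _as_ip(text):
    """Return an ip_address for '1.2.3.4' or '[1.2.3.4]', else None."""
    try:
        return ipaddress.ip_address(text.strip("[]"))
    except ValueError:
        return None

def parse_received(header):
    """Hypothetical helper: separate what the client claimed from what the server saw."""
    value = " ".join(header.split())          # unfold continuation lines
    m = RECEIVED_RE.search(value)
    peer = _as_ip(m.group("ip")) if m else None
    if peer is None:
        return None
    helo = m.group("helo")
    helo_ip = _as_ip(helo)
    if helo_ip is not None:                   # HELO was an address literal
        matches = helo_ip == peer
    else:                                     # HELO was a domain name
        matches = helo.lower() == m.group("rdns").lower()
    return {
        "helo_claimed": helo,                 # client-supplied, forgeable
        "peer_ip": str(peer),                 # recorded by the receiving server
        "peer_rdns": m.group("rdns"),
        "received_by": m.group("by"),
        "helo_matches_peer": matches,
        "helo_is_private_literal": helo_ip is not None and helo_ip.is_private,
    }

if __name__ == "__main__":
    for key, val in parse_received(SAMPLE).items():
        print(f"{key}: {val}")
```

For the quoted header this reports a private address literal in HELO that does not match the peer address the server recorded, which is the internal LAN address versus WAN address situation discussed in the thread.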


