Path: utzoo!attcan!uunet!cs.utexas.edu!wuarchive!psuvax1!news
From: ehrlich@cs.psu.edu (Dan Ehrlich)
Newsgroups: mail.uk-sendmail-workers,comp.mail.sendmail
Subject: Re: Forging messages
Message-ID:
Date: 6 Nov 90 19:58:17 GMT
References: <25249.9011061356@expya.cs.exeter.ac.uk>
Sender: news@cs.psu.edu (Usenet)
Organization: Computer Science Department, Penn State University
Lines: 31
In-Reply-To: K.Sattar@cs.exeter.ac.uk's message of 6 Nov 90 13:56:59 GMT
Nntp-Posting-Host: colossus.cs.psu.edu

In article <25249.9011061356@expya.cs.exeter.ac.uk> K.Sattar@cs.exeter.ac.uk (Khalid Sattar) writes:

Khalid> Original-Sender: admin@cs.exeter.ac.uk

Khalid> I have just realised that anyone on our machine which is a Pyramid
Khalid> running IDA sendmail 5.61 (or any of the suns in the campus running
Khalid> sun standard 4.0.3 supplied sendmail) that it is possible to forge a
Khalid> message to make it appear as if it came from someone else. This is
Khalid> because sendmail allows the forger to change From, and Sender fields.
Khalid> Looking at the delivered mail I cannot find any tell tales that would
Khalid> reveal the identity of the forger. How can I stop this?

Khalid> extra info:
Khalid> The sendmail.cf does not contain the forger in its trusted list of
Khalid> users. The sendmail is setuid to root and the default user in the .cf
Khalid> file is 16 (mailer) and group is daemon

Khalid> password file entry for mailer
Khalid> mailer:DISABLED:16:1:Mailer:/:/bin/false

Khalid> Relevant bits of my sendmail.cf

Anyone with a copy of the RFCs that describe SMTP and a unix box that
runs an SMTP delivery agent can forge mail. Just telnet up to the SMTP
port. What to do next is left as an exercise for the reader. ;-)

--
Dan Ehrlich - Sr. Systems Programmer - Penn State Computer Science
Voice: +1 814 863 1142 / FAX: +1 814 865 3176