Re: IP number question

david20_at_alpha2.mdx.ac.uk
Date: 01/28/05

  • Next message: Bit Tamer: "Trends in security code reviews?" 
    Date: Fri, 28 Jan 2005 18:45:13 +0000 (UTC)

    In article <ctds7b$8jk$1@canopus.cc.umanitoba.ca>, roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) writes:
    >In article <ctdll3$o55$1@news.mdx.ac.uk>, <david20@alpha2.mdx.ac.uk> wrote:
    >|In article <ctbm99$amk$1@canopus.cc.umanitoba.ca>, roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) writes:
    >
    >|>That's a bit of a misconception. MTA's are not -required- to add the
    >|>IP address to headers of email messages, and there are literally tens
    >|>of thousands of them out there which do not. The Received-By: headers that
    >|>are commonly added are a convention, not a requirement,
    >
    >|From RFC 2821 (http://www.faqs.org/rfcs/rfc2821.html
    >
    >|3.8.2 Received lines in Gatewaying
    >
    >| When forwarding a message into or out of the internet environment, a gateway
    >| MUST prepend a Received: line, but it MUST NOT alter in any way a Received:
    >| line that is already in the header.
    >
    >|Hence any compliant internet facing MTA MUST add in received lines.
    >
    >According to RFC822, the only non-optional field in the Received:
    >header is the date-time, so my first statement is completely true,
    >and my second statement is correct with respect to what is
    >"commonly added".
    >

    There is a little bit of leeway in RFC2821 but it isn't much

    4.4 Trace Information

        When an SMTP server receives a message for delivery or further processing,
        it MUST insert trace ("time stamp" or "Received") information at the
        beginning of the message content, as discussed in section 4.1.1.4.

        This line MUST be structured as follows:

         - The FROM field, which MUST be supplied in an SMTP environment,
           SHOULD contain both (1) the name of the source host as presented
           in the EHLO command and (2) an address literal containing the IP
           address of the source, determined from the TCP connection.

    Hence according to the definitions of MUST and SHOULD in RFC2119

    It is an absolute requirement of the specification that in an SMTP environment
    the received line contains the FROM field.

    What that field may contain is more open to intepretation as it says in
    RFC2119

    SHOULD - This word, or the adjective "RECOMMENDED" , mean that there may exist
    valid reasons in particular circumstances to ignore a particular item, but the
    full implications must be understood and carefully weighed before choosing a
    different course.

    However for an SMTP MTA which is required to put something in the received line
    FROM field not to put in something traceable to the IP address of the system
    from which it received the message would appear to be perverse in the extreme.

    David Webb
    Security team leader
    CCSS
    Middlesex University

    >It's also not uncommon that systems throw away Received headers,
    >even if they are not supposed to.
    >--
    > "Mathematics? I speak it like a native." -- Spike Milligan

  • Next message: Bit Tamer: "Trends in security code reviews?"