forgeries(7) [debian man page]

forgeries(7)						 Miscellaneous Information Manual					      forgeries(7)

NAME
forgeries - how easy it is to forge mail

SUMMARY
An electronic mail message can easily be forged. Almost everything in it, including the return address, is completely under the control of the sender.

An electronic mail message can be manually traced to its origin if (1) all system administrators of intermediate machines are both cooperative and competent, (2) the sender did not break low-level TCP/IP security, and (3) all intermediate machines are secure.

Users of cryptography can automatically ensure the integrity and secrecy of their mail messages, as long as the sending and receiving machines are secure.

FORGERIES
Like postal mail, electronic mail can be created entirely at the whim of the sender. From, Sender, Return-Path, and Message-ID can all contain whatever information the sender wants.

For example, if you inject a message through sendmail or qmail-inject or SMTP, you can simply type in a From field. In fact, qmail-inject lets you set up MAILUSER, MAILHOST, and MAILNAME environment variables to produce your desired From field on every message.

TRACING FORGERIES
Like postal mail, electronic mail is postmarked when it is sent. Each machine that receives an electronic mail message adds a Received line to the top.

A modern Received line contains quite a bit of information. In conjunction with the machine's logs, it lets a competent system administrator determine where the machine received the message from, as long as the sender did not break low-level TCP/IP security or security on that machine.

Large multi-user machines often come with inadequate logging software. Fortunately, a system administrator can easily obtain a copy of a 931/1413/Ident/TAP server, such as pidentd. Unfortunately, some system administrators fail to do this, and are thus unable to figure out which local user was responsible for generating a message.

If all intermediate system administrators are competent, and the sender did not break machine security or low-level TCP/IP security, it is possible to trace a message backwards. Unfortunately, some traces are stymied by intermediate system administrators who are uncooperative or untrustworthy.

CRYPTOGRAPHY
The sender of a mail message may place his message into a cryptographic envelope stamped with his seal. Strong cryptography guarantees that any two messages with the same seal were sent by the same cryptographic entity: perhaps a single person, perhaps a group of cooperating people, but in any case somebody who knows a secret originally held only by the creator of the seal. The seal is called a public key.

Unfortunately, the creator of the seal is often an insecure machine, or an untrustworthy central agency, but most of the time seals are kept secure.

One popular cryptographic program is pgp.

SEE ALSO
pgp(1), identd(8), qmail-header(8)
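
The backwards trace described under TRACING FORGERIES, as an added example that is not part of the original man page: it walks the Received lines from the top and stops trusting them at the first line not written by a machine whose administrator you trust. The sample message, the host names, the trusted set and the assumed Received layout are all constructed for illustration.

```python
import email
import re

# Constructed sample: three Received lines, newest first. The top two were
# written by machines we run; the bottom one has no trusted writer.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [192.0.2.10])
    by mail.example.org with SMTP; Tue, 02 Jan 2024 10:00:05 +0000
Received: from relay.example.com (unknown [198.51.100.7])
    by mx.example.net with ESMTP; Tue, 02 Jan 2024 10:00:03 +0000
Received: from hq.example.com (hq.example.com [203.0.113.1])
    by relay.example.com with SMTP; Tue, 02 Jan 2024 09:59:00 +0000
From: boss@example.com
Subject: constructed test message

body
"""

# Assumed layout: "from NAME (RDNS [IP]) by HOST ..."; other layouts exist.
HOP = re.compile(r"from\s+(\S+)\s+\(\S*\s*\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def parse_hops(raw):
    """Return one dict per Received line, newest first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        name, ip, by = m.groups() if m else (None, None, None)
        hops.append({"claimed": name, "ip": ip, "by": by})
    return hops

def trace(raw, trusted):
    """Split the chain at the point where the writer is no longer trusted."""
    hops = parse_hops(raw)
    verified = []
    for hop in hops:
        # A line counts only if a trusted machine wrote it and the run is
        # unbroken from the top; anything below may be sender-supplied.
        if hop["by"] not in trusted:
            break
        verified.append(hop)
    return {
        "verified": verified,
        "unverified": hops[len(verified):],
        # Peer address seen by the deepest trusted machine: where log review starts.
        "last_seen_ip": verified[-1]["ip"] if verified else None,
    }

if __name__ == "__main__":
    print(trace(SAMPLE, {"mail.example.org", "mx.example.net"}))
```

The names in the bottom line match the line above it, so name continuity alone does not expose an inserted line; only the identity of the writing machine does.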

envelopes(5)							File Formats Manual						      envelopes(5)

NAME
envelopes - sender/recipient lists attached to messages

INTRODUCTION
Electronic mail messages are delivered in envelopes. An envelope lists a sender and one or more recipients. Usually these envelope addresses are the same as the addresses listed in the message header:

    (envelope) from djb to root
    From: djb
    To: root

In more complicated situations, though, the envelope addresses may differ from the header addresses.

ENVELOPE EXAMPLES
When a message is delivered to several people at different locations, it is first photocopied and placed into several envelopes:

    (envelope) from djb to root
    From: djb                          Copy #1 of message
    To: root, god@brl.mil

    (envelope) from djb to god@brl.mil
    From: djb                          Copy #2 of message
    To: root, god@brl.mil

When a message is delivered to several people at the same location, the sender doesn't have to photocopy it. He can instead stuff it into one envelope with several addresses; the recipients will make the photocopy:

    (envelope) from djb to god@brl.mil, angel@brl.mil
    From: djb
    To: god@brl.mil, angel@brl.mil, joe, frde

Bounced mail is sent back to the envelope sender address. The bounced mail doesn't list an envelope sender, so bounce loops are impossible:

    (envelope) from <> to djb
    From: MAILER-DAEMON
    To: djb
    Subject: unknown user frde

The recipient of a message may make another copy and forward it in a new envelope:

    (envelope) from djb to joe
    From: djb                          Original message
    To: joe

    (envelope) from joe to fred
    From: djb                          Forwarded message
    To: joe

A mailing list works almost the same way:

    (envelope) from djb to sos-list
    From: djb                          Original message
    To: sos-list

    (envelope) from sos-owner to god@brl.mil
    From: djb                          Forwarded message
    To: sos-list                       to recipient #1

    (envelope) from sos-owner to frde
    From: djb                          Forwarded message
    To: sos-list                       to recipient #2

Notice that the mailing list is set up to replace the envelope sender with something new, sos-owner. So bounces will come back to sos-owner:

    (envelope) from <> to sos-owner
    From: MAILER-DAEMON
    To: sos-owner
    Subject: unknown user frde

It's a good idea to set up an extra address, sos-owner, like this: the original envelope sender (djb) has no way to fix bad sos-list addresses, and of course bounces must not be sent to sos-list itself.

HOW ENVELOPE ADDRESSES ARE STORED
Envelope sender and envelope recipient addresses are transmitted and recorded in several ways.

When a user injects mail through qmail-inject, he can supply a Return-Path line or a -f option for the envelope sender; by default the envelope sender is his login name. The envelope recipient addresses can be taken from the command line or from various header fields, depending on the options to qmail-inject. Similar comments apply to sendmail.

When a message is transferred from one machine to another through SMTP, the envelope sender is given in a MAIL FROM command, the envelope recipients are given in RCPT TO commands, and the message is supplied separately by a DATA command.

When a message is delivered by qmail to a single local recipient, qmail-local records the recipient in Delivered-To and the envelope sender in Return-Path. It uses Delivered-To to detect mail forwarding loops.

sendmail normally records the envelope sender in Return-Path. It does not record envelope recipient addresses, on the theory that they are redundant: you received the mail, so you must have been one of the envelope recipients.

Note that, if the header doesn't have any recipient addresses, sendmail will move envelope recipient addresses back into the header. This situation occurs if all addresses were originally listed as Bcc, since Bcc is automatically removed. When sendmail sees this, it creates a new Apparently-To header field with the envelope recipient addresses. This has the strange effect that each blind-carbon-copy recipient will see a list of all recipients on the same machine.

When a message is stored in mbox format, the envelope sender is recorded at the top of the message as a UUCP-style From (no colon) line. Note that this line is less reliable than the Return-Path line added by qmail-local or sendmail.

SEE ALSO
qmail-header(5), qmail-local(8), qmail-inject(8)
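
The SMTP transfer described under HOW ENVELOPE ADDRESSES ARE STORED, as an added example that is not part of the original man page: it separates the envelope (MAIL FROM, RCPT TO) from the message sent after DATA and reports where the two disagree, using the mailing-list case from ENVELOPE EXAMPLES. The session text, the example.org addresses and the function names are constructed for illustration.

```python
import email
import re
from email.utils import getaddresses, parseaddr

# Constructed SMTP client commands for the mailing-list case: the list
# rewrote the envelope sender to sos-owner, the header still says djb.
SESSION = """\
MAIL FROM:<sos-owner@example.org>
RCPT TO:<god@example.org>
RCPT TO:<frde@example.org>
DATA
From: djb@example.org
To: sos-list@example.org
Subject: constructed test message

hello
.
"""

def split_session(text):
    """Separate the envelope (MAIL FROM, RCPT TO) from the message after DATA."""
    sender, rcpts, body, in_data = None, [], [], False
    for line in text.splitlines():
        if in_data:
            if line == ".":  # a lone dot ends DATA
                break
            body.append(line[1:] if line.startswith(".") else line)  # dot-unstuff
        elif line.upper().startswith("MAIL FROM:"):
            sender = re.search(r"<([^>]*)>", line).group(1)  # "<>" gives ""
        elif line.upper().startswith("RCPT TO:"):
            rcpts.append(re.search(r"<([^>]*)>", line).group(1))
        elif line.upper() == "DATA":
            in_data = True
    return sender, rcpts, email.message_from_string("\n".join(body))

def compare(sender, rcpts, msg):
    """Report where the envelope addresses differ from the header addresses."""
    header_from = parseaddr(msg.get("From", ""))[1].lower()
    fields = msg.get_all("To", []) + msg.get_all("Cc", [])
    listed = {addr.lower() for _, addr in getaddresses(fields)}
    return {
        "bounce": sender == "",  # null envelope sender marks a bounce
        "sender_differs": (sender or "").lower() != header_from,
        "unlisted_rcpts": [r for r in rcpts if r.lower() not in listed],
    }

if __name__ == "__main__":
    print(compare(*split_session(SESSION)))
```

A differing envelope sender or unlisted recipients are normal for lists, forwards and blind copies, so the report shows where the envelope and header diverge rather than deciding that a message is forged.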