qmail: forgeries.7@068428edee47 (annotated)

0 068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	1	.TH forgeries 7
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	2	.SH "NAME"
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	3	forgeries \- how easy it is to forge mail
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	4	.SH "SUMMARY"
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	5	An electronic mail message can easily be forged.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	6	Almost everything in it,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	7	including the return address,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	8	is completely under the control of the sender.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	9
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	10	An electronic mail message can be manually traced to its origin
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	11	if (1) all system administrators of intermediate machines
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	12	are both cooperative and competent,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	13	(2) the sender did not break low-level TCP/IP security,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	14	and
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	15	(3) all intermediate machines are secure.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	16
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	17	Users of
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	18	.I cryptography
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	19	can automatically ensure the integrity and secrecy
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	20	of their mail messages, as long as
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	21	the sending and receiving machines are secure.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	22	.SH "FORGERIES"
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	23	Like postal mail,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	24	electronic mail can be created entirely at the whim of the sender.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	25	.BR From ,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	26	.BR Sender ,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	27	.BR Return-Path ,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	28	and
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	29	.BR Message-ID
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	30	can all contain whatever information the sender wants.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	31
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	32	For example, if you inject a message through
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	33	.B sendmail
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	34	or
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	35	.B qmail-inject
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	36	or
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	37	.BR SMTP ,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	38	you can simply type in a
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	39	.B From
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	40	field.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	41	In fact,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	42	.B qmail-inject
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	43	lets you set up
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	44	.BR MAILUSER ,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	45	.BR MAILHOST ,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	46	and
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	47	.B MAILNAME
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	48	environment variables
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	49	to produce your desired
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	50	.B From
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	51	field on every message.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	52	.SH "TRACING FORGERIES"
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	53	Like postal mail,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	54	electronic mail is postmarked when it is sent.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	55	Each machine that receives an electronic mail message
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	56	adds a
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	57	.B Received
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	58	line to the top.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	59
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	60	A modern
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	61	.B Received
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	62	line contains quite a bit of information.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	63	In conjunction with the machine's logs,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	64	it lets a competent system administrator
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	65	determine where the machine received the message from,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	66	as long as the sender did not break low-level TCP/IP security
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	67	or security on that machine.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	68
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	69	Large multi-user machines often come with inadequate logging software.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	70	Fortunately, a system administrator can easily obtain a copy of a
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	71	931/1413/Ident/TAP server, such as
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	72	.BR pidentd .
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	73	Unfortunately,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	74	some system administrators fail to do this,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	75	and are thus unable to figure out which local user
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	76	was responsible for generating a message.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	77
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	78	If all intermediate system administrators are competent,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	79	and the sender did not break machine security or low-level TCP/IP security,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	80	it is possible to trace a message backwards.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	81	Unfortunately, some traces are stymied by intermediate system
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	82	administrators who are uncooperative or untrustworthy.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	83	.SH "CRYPTOGRAPHY"
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	84	The sender of a mail message may place his message into a
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	85	.I cryptographic
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	86	envelope stamped with his seal.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	87	Strong cryptography guarantees that any two messages with the same seal
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	88	were sent by the same cryptographic entity:
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	89	perhaps a single person, perhaps a group of cooperating people,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	90	but in any case somebody who knows a secret originally held
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	91	only by the creator of the seal.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	92	The seal is called a
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	93	.I public key\fR.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	94
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	95	Unfortunately, the creator of the seal is often an insecure machine,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	96	or an untrustworthy central agency,
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	97	but most of the time seals are kept secure.
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	98
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	99	One popular cryptographic program is
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	100	.BR pgp .
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	101	.SH "SEE ALSO"
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	102	pgp(1),
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	103	identd(8),
068428edee47 Imported qmail-1.03 "Tomas Zeman <tomas.zeman@sun.com>" parents: diff changeset	104	qmail-header(8)

author	"Tomas Zeman <tomas.zeman@sun.com>"
	Fri, 19 Oct 2007 14:06:22 +0200
changeset 0	068428edee47
permissions	-rw-r--r--