|
1 .TH forgeries 7 |
|
2 .SH "NAME" |
|
3 forgeries \- how easy it is to forge mail |
|
4 .SH "SUMMARY" |
|
5 An electronic mail message can easily be forged. |
|
6 Almost everything in it, |
|
7 including the return address, |
|
8 is completely under the control of the sender. |
|
9 |
|
10 An electronic mail message can be manually traced to its origin |
|
11 if (1) all system administrators of intermediate machines |
|
12 are both cooperative and competent, |
|
13 (2) the sender did not break low-level TCP/IP security, |
|
14 and |
|
15 (3) all intermediate machines are secure. |
|
16 |
|
17 Users of |
|
18 .I cryptography |
|
19 can automatically ensure the integrity and secrecy |
|
20 of their mail messages, as long as |
|
21 the sending and receiving machines are secure. |
|
22 .SH "FORGERIES" |
|
23 Like postal mail, |
|
24 electronic mail can be created entirely at the whim of the sender. |
|
25 .BR From , |
|
26 .BR Sender , |
|
27 .BR Return-Path , |
|
28 and |
|
29 .BR Message-ID |
|
30 can all contain whatever information the sender wants. |
|
31 |
|
32 For example, if you inject a message through |
|
33 .B sendmail |
|
34 or |
|
35 .B qmail-inject |
|
36 or |
|
37 .BR SMTP , |
|
38 you can simply type in a |
|
39 .B From |
|
40 field. |
|
41 In fact, |
|
42 .B qmail-inject |
|
43 lets you set up |
|
44 .BR MAILUSER , |
|
45 .BR MAILHOST , |
|
46 and |
|
47 .B MAILNAME |
|
48 environment variables |
|
49 to produce your desired |
|
50 .B From |
|
51 field on every message. |
|
52 .SH "TRACING FORGERIES" |
|
53 Like postal mail, |
|
54 electronic mail is postmarked when it is sent. |
|
55 Each machine that receives an electronic mail message |
|
56 adds a |
|
57 .B Received |
|
58 line to the top. |
|
59 |
|
60 A modern |
|
61 .B Received |
|
62 line contains quite a bit of information. |
|
63 In conjunction with the machine's logs, |
|
64 it lets a competent system administrator |
|
65 determine where the machine received the message from, |
|
66 as long as the sender did not break low-level TCP/IP security |
|
67 or security on that machine. |
|
68 |
|
69 Large multi-user machines often come with inadequate logging software. |
|
70 Fortunately, a system administrator can easily obtain a copy of a |
|
71 931/1413/Ident/TAP server, such as |
|
72 .BR pidentd . |
|
73 Unfortunately, |
|
74 some system administrators fail to do this, |
|
75 and are thus unable to figure out which local user |
|
76 was responsible for generating a message. |
|
77 |
|
78 If all intermediate system administrators are competent, |
|
79 and the sender did not break machine security or low-level TCP/IP security, |
|
80 it is possible to trace a message backwards. |
|
81 Unfortunately, some traces are stymied by intermediate system |
|
82 administrators who are uncooperative or untrustworthy. |
|
83 .SH "CRYPTOGRAPHY" |
|
84 The sender of a mail message may place his message into a |
|
85 .I cryptographic |
|
86 envelope stamped with his seal. |
|
87 Strong cryptography guarantees that any two messages with the same seal |
|
88 were sent by the same cryptographic entity: |
|
89 perhaps a single person, perhaps a group of cooperating people, |
|
90 but in any case somebody who knows a secret originally held |
|
91 only by the creator of the seal. |
|
92 The seal is called a |
|
93 .I public key\fR. |
|
94 |
|
95 Unfortunately, the creator of the seal is often an insecure machine, |
|
96 or an untrustworthy central agency, |
|
97 but most of the time seals are kept secure. |
|
98 |
|
99 One popular cryptographic program is |
|
100 .BR pgp . |
|
101 .SH "SEE ALSO" |
|
102 pgp(1), |
|
103 identd(8), |
|
104 qmail-header(8) |