nanog mailing list archives
Re: New hijacking - Done via via good old-fashioned Identity Theft
From: Robert Bonomi <bonomi () mail r-bonomi com>
Date: Fri, 8 Oct 2010 03:55:13 -0500 (CDT)
> From nanog-bounces+bonomi=mail.r-bonomi.com () nanog org Thu Oct 7 23:37:29 2010
> Date: Fri, 08 Oct 2010 15:38:12 +1100
> From: Ben McGinnes <ben () adversary org>
> To: Leen Besselink <leen () consolejunkie net>
> Subject: Re: New hijacking - Done via via good old-fashioned Identity Theft
> Cc: nanog () nanog org
>
> On 8/10/10 10:00 AM, Leen Besselink wrote:
> > key () domain tld for when you have a personal domain
> > key-user () domain tld for when you have a server which understands address extensions
>
> Actually I think it's user+key () domain tld for the second one. At least
> that's what I've seen for Postfix. Not so sure about other MTAs.
Sendmail 'invented' the 'plussed' extension to an address. Other MTAs mimic Sendmail's behavior.

The '+key' is ignored for purposes of selecting the delivery mailbox. username+anything gets handed to the LDA for final delivery to mailbox 'username', _with_ the 'plus part' (i.e. 'anything', from above) available as an extra parameter.

To selectively accept/discard on the plussed portion of the address, you either do it in the LDA (procmail, for example, makes this really easy), or you have to run a 'milter' that knows which plussed parts are valid for which users.

For a mailserver that does -not- understand 'plussed' addresses, you can usually fake it out by putting the key as an extra element of the host-name, e.g. user () key some dom ain tld. AFAIK every MTA accepts mail with a more-specific name than a name it has been explicitly told to accept (either for local delivery, or for forwarding) mail for.
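The accept/discard decision on the plussed part described in the message above, as an added example that is not part of the original post and not any MTA's or LDA's own code. The domain `example.org`, the user names, the key table and the function names are all constructed assumptions; it covers both the `user+key` form and the key-as-host-name-element form.

```python
# Added example: per-user validation of the key in a keyed recipient address,
# the decision an LDA hook or a milter would make. All data is constructed.

LOCAL_DOMAIN = "example.org"   # assumption: the domain this server delivers for

# Constructed table: which keys each mailbox owner has actually handed out.
VALID_KEYS = {
    "alice": {"arin", "ripe-2010"},
    "bob": set(),              # bob has issued no keyed addresses
}


def split_recipient(rcpt):
    """Return (user, key, domain_ok) for either keyed form.

    user+key@example.org  -> key is the plus extension of the local part
    user@key.example.org  -> key is an extra host-name element
    Assumption: local parts are compared case-insensitively.
    """
    local, sep, host = rcpt.strip().lower().rpartition("@")
    if not sep or not local or not host:
        raise ValueError("not an addr-spec: %r" % rcpt)
    user, plus, key = local.partition("+")
    if host == LOCAL_DOMAIN:
        return user, (key if plus else None), True
    if host.endswith("." + LOCAL_DOMAIN) and not plus:
        return user, host[: -len(LOCAL_DOMAIN) - 1], True
    return user, None, False


def decide(rcpt):
    """Return 'deliver', 'discard' or 'reject' for one envelope recipient."""
    try:
        user, key, domain_ok = split_recipient(rcpt)
    except ValueError:
        return "reject"
    if not domain_ok or user not in VALID_KEYS:
        return "reject"        # not our domain, or no such mailbox
    if key is None:
        return "deliver"       # plain address: normal delivery
    # The key never selects the mailbox; it only gates acceptance.
    return "deliver" if key in VALID_KEYS[user] else "discard"
```

An empty key (`alice+@example.org`) is treated as an unknown key and discarded, since it was never issued.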