[Lilux-help] Weird headers @pt.lu

[henri (E-mail)]

This is my first ever Spam mail...

So you presume that the spammer did have my e-mail address?
I thought that P&T didn't allow relaying?

9 years without spam, presume netsky got one of my e-mail friends.

Thanks for the lesson,

Henri

-----Original Message-----
From: Eric Dondelinger [mailto:aim at vis.ethz.ch]
Sent: 15 June 2004 08:48
To: arnela.bm at pt.lu
Cc: Lilux-help at lilux.lu
Subject: Re: [Lilux-help] Weird headers @pt.lu


Hi,

On Mon, 14 Jun 2004, henri (E-mail) wrote:

> Here two mails I got in my @pt.lu mailbox, wonder if somebody else @pt.lu
> got something alike...
> Can somebody explain how they did this???

Exactly what are you wondering about?

In principle, email, or SMTP, is something very simple.
When any application or person wants do deliver a mail,
they connect to the target MTA (Mail Transfer Agent,
aka mailserver), usually on port 25:

telnet localhost 25

Now you tell the MTA where you are from (or pretend to be):

HELO example.com

And you follow up with your email address:

MAIL FROM: <blah at example2.com>

Note that here the domain can already be different from the
one in the "HELO" command.
Now you specify who the mail goes to:

RCPT TO: <fasel at example3.com>

This will normally be accepted only if the mailserver is a
legitimate relay for your network (i.e. your ISPs mailserver)
or if it is responsible for receiving mails for the example3.com
domain.
If this gets accepted, then you can deliver the mail body, which
is essentially free text. Most of the time, some headers will be
inserted, followed by an empty line, and then the "normal" mail
body. This part is terminated by a line with only a dot:

DATA
Subject: whatever
Date: yesterday
From: saddam.hussein at gov.iq
To: president at whitehouse.gov

You SuXXorS!
.

And now you can deliver another mail, or simply disconnect:

QUIT


>From there you can see how easy it is to forge things...

Greets & hth, Eric