Commit | Line | Data |
---|---|---|
2117e02e MW |
1 | .TH forgeries 7 |
2 | .SH "NAME" | |
3 | forgeries \- how easy it is to forge mail | |
4 | .SH "SUMMARY" | |
5 | An electronic mail message can easily be forged. | |
6 | Almost everything in it, | |
7 | including the return address, | |
8 | is completely under the control of the sender. | |
9 | ||
10 | An electronic mail message can be manually traced to its origin | |
11 | if (1) all system administrators of intermediate machines | |
12 | are both cooperative and competent, | |
13 | (2) the sender did not break low-level TCP/IP security, | |
14 | and | |
15 | (3) all intermediate machines are secure. | |
16 | ||
17 | Users of | |
18 | .I cryptography | |
19 | can automatically ensure the integrity and secrecy | |
20 | of their mail messages, as long as | |
21 | the sending and receiving machines are secure. | |
22 | .SH "FORGERIES" | |
23 | Like postal mail, | |
24 | electronic mail can be created entirely at the whim of the sender. | |
25 | .BR From , | |
26 | .BR Sender , | |
27 | .BR Return-Path , | |
28 | and | |
29 | .BR Message-ID | |
30 | can all contain whatever information the sender wants. | |
31 | ||
32 | For example, if you inject a message through | |
33 | .B sendmail | |
34 | or | |
35 | .B qmail-inject | |
36 | or | |
37 | .BR SMTP , | |
38 | you can simply type in a | |
39 | .B From | |
40 | field. | |
41 | In fact, | |
42 | .B qmail-inject | |
43 | lets you set up | |
44 | .BR MAILUSER , | |
45 | .BR MAILHOST , | |
46 | and | |
47 | .B MAILNAME | |
48 | environment variables | |
49 | to produce your desired | |
50 | .B From | |
51 | field on every message. | |
52 | .SH "TRACING FORGERIES" | |
53 | Like postal mail, | |
54 | electronic mail is postmarked when it is sent. | |
55 | Each machine that receives an electronic mail message | |
56 | adds a | |
57 | .B Received | |
58 | line to the top. | |
59 | ||
60 | A modern | |
61 | .B Received | |
62 | line contains quite a bit of information. | |
63 | In conjunction with the machine's logs, | |
64 | it lets a competent system administrator | |
65 | determine where the machine received the message from, | |
66 | as long as the sender did not break low-level TCP/IP security | |
67 | or security on that machine. | |
68 | ||
69 | Large multi-user machines often come with inadequate logging software. | |
70 | Fortunately, a system administrator can easily obtain a copy of a | |
71 | 931/1413/Ident/TAP server, such as | |
72 | .BR pidentd . | |
73 | Unfortunately, | |
212b6f5d | 74 | some system administrators fail to do this, |
2117e02e MW |
75 | and are thus unable to figure out which local user |
76 | was responsible for generating a message. | |
77 | ||
78 | If all intermediate system administrators are competent, | |
79 | and the sender did not break machine security or low-level TCP/IP security, | |
80 | it is possible to trace a message backwards. | |
81 | Unfortunately, some traces are stymied by intermediate system | |
82 | administrators who are uncooperative or untrustworthy. | |
83 | .SH "CRYPTOGRAPHY" | |
84 | The sender of a mail message may place his message into a | |
85 | .I cryptographic | |
86 | envelope stamped with his seal. | |
87 | Strong cryptography guarantees that any two messages with the same seal | |
88 | were sent by the same cryptographic entity: | |
89 | perhaps a single person, perhaps a group of cooperating people, | |
90 | but in any case somebody who knows a secret originally held | |
91 | only by the creator of the seal. | |
92 | The seal is called a | |
93 | .I public key\fR. | |
94 | ||
95 | Unfortunately, the creator of the seal is often an insecure machine, | |
96 | or an untrustworthy central agency, | |
97 | but most of the time seals are kept secure. | |
98 | ||
99 | One popular cryptographic program is | |
100 | .BR pgp . | |
101 | .SH "SEE ALSO" | |
102 | pgp(1), | |
103 | identd(8), | |
104 | qmail-header(8) |