On 2013-04-24 19:04:12 -0500, Derek Martin wrote:
> On Wed, Apr 24, 2013 at 10:43:06PM +0200, Vincent Lefevre wrote:
> > It is random and not predictable. For instance:
> > 
> >   Received: from ioooi.vinc17.net (ioooi.vinc17.net [92.243.22.117])
> >           by xvii.vinc17.org (Postfix) with ESMTP id 66D0D40C037
> >                                                      ^^^^^^^^^^^
> 
> WRONG.
> 
> $ mail -s "testing" test1 test2
> hi.
> .
> Cc:
> $ sudo md5sum /var/spool/mail/test1
> f7b6d3ca015ad2f0b3f39e0dc6335763  /var/spool/mail/test1
> $ sudo md5sum /var/spool/mail/test2
> f7b6d3ca015ad2f0b3f39e0dc6335763  /var/spool/mail/test2
> 
> End of discussion, as far as I'm concerned.

This happens when mail is sent locally on the machine. But at many
places, in particular when machines are shared among several users
(which is the case when there is a malicious attacker), mail is
centralized on a different, specific machine. In this case, copies
get different ids in some "Received:" header. At least this is what
I can observe.

-- 
Vincent Lefèvre <[email protected]> - Web: <http://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
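
The difference between the two cases discussed above, as an added example that is not part of the original thread: it compares two copies of one message byte-for-byte and again with the "Received:" headers removed. Only the first "Received:" line and its queue id come from the thread; the second queue id, the addresses, the date and the function names are constructed for illustration.

```python
import hashlib
import re
from email import message_from_string

# Constructed sample message. Only the Received host line and the queue id
# 66D0D40C037 come from the thread; addresses, date and body are made up.
TEMPLATE = (
    "Received: from ioooi.vinc17.net (ioooi.vinc17.net [92.243.22.117])\n"
    "\tby xvii.vinc17.org (Postfix) with ESMTP id {qid};\n"
    "\tWed, 24 Apr 2013 22:43:06 +0200 (CEST)\n"
    "From: sender@example.org\n"
    "To: test1@example.org, test2@example.org\n"
    "Subject: testing\n"
    "\n"
    "hi.\n"
)
COPY_1 = TEMPLATE.format(qid="66D0D40C037")
COPY_2 = TEMPLATE.format(qid="7A1B2C3D4E5")  # constructed queue id

# Matches the "with ESMTP id <queue-id>" clause of a Received header.
QID_RE = re.compile(r"\bwith\s+E?SMTPS?A?\s+id\s+([0-9A-Za-z]+)")

def queue_ids(raw):
    """Return the queue ids found in all Received headers of one copy."""
    msg = message_from_string(raw)
    ids = []
    for value in msg.get_all("Received", []):
        ids.extend(QID_RE.findall(value))
    return ids

def digest(raw):
    """MD5 of the raw copy, the same check as md5sum on the mailbox file."""
    return hashlib.md5(raw.encode()).hexdigest()

def digest_without_received(raw):
    """MD5 of the copy after dropping every Received header."""
    msg = message_from_string(raw)
    del msg["Received"]
    return digest(msg.as_string())

def compare(a, b):
    return {
        "identical_bytes": digest(a) == digest(b),
        "identical_without_received": digest_without_received(a) == digest_without_received(b),
        "queue_ids": (queue_ids(a), queue_ids(b)),
    }

if __name__ == "__main__":
    print("same id in both copies:", compare(COPY_1, COPY_1))
    print("different ids:         ", compare(COPY_1, COPY_2))
```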
