Subject: Re: illegal network routes and a ponderance
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Andrew Brown <atatat@atatdot.net>
List: tech-net
Date: 02/22/2003 00:22:30
>>> Or rather, for illusion-of-security reasons.  There's not that much
>>> software left that makes security decisions based on packets' source
>>> addresses, and such software has always been buggy.
>> Sendmail, relay checks.
>
>Ugh, good point.  And - at least in the code I just looked at, which
>admittedly is probably not the most recent - sendmail doesn't disable
>any source-route option that's present.

what kind of source routing are you talking about here?  smtp routing?
sendmail takes care of that, and shoves the email to the ultimate
address.  or you can bounce it.  or neither.  it's configurable.

if it's ip source routing, then sendmail will detect it and stuff a
warning into the headers.  you can then filter based on that in your
sendmail.cf.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
werdna@squooshy.com       * "information is power -- share the wealth."