qmail 1.03 import

author: manuel <manuel@mausz.at> 2013-02-04 00:08:53 +0100
committer: manuel <manuel@mausz.at> 2013-02-04 00:08:53 +0100
commit: 69aec538b456402170dc723af417ba5c05389c32 (patch)
tree: e6f34c543f17c6392447ea337b2e2868212424d1 /forgeries.7
download: qmail-69aec538b456402170dc723af417ba5c05389c32.tar.gz
qmail-69aec538b456402170dc723af417ba5c05389c32.tar.bz2
qmail-69aec538b456402170dc723af417ba5c05389c32.zip
1 files changed, 104 insertions, 0 deletions
diff --git a/forgeries.7 b/forgeries.7
new file mode 100644
index 0000000..cb99fa7
--- /dev/null
+++ b/forgeries.7
@@ -0,0 +1,104 @@
+.TH forgeries 7
+.SH "NAME"
+forgeries \- how easy it is to forge mail
+.SH "SUMMARY"
+An electronic mail message can easily be forged.
+Almost everything in it,
+including the return address,
+is completely under the control of the sender.
+An electronic mail message can be manually traced to its origin
+if (1) all system administrators of intermediate machines
+are both cooperative and competent,
+(2) the sender did not break low-level TCP/IP security,
+and
+(3) all intermediate machines are secure.
+Users of
+.I cryptography
+can automatically ensure the integrity and secrecy
+of their mail messages, as long as
+the sending and receiving machines are secure.
+.SH "FORGERIES"
+Like postal mail,
+electronic mail can be created entirely at the whim of the sender.
+.BR From ,
+.BR Sender ,
+.BR Return-Path ,
+and
+.BR Message-ID
+can all contain whatever information the sender wants.
+For example, if you inject a message through
+.B sendmail
+or
+.B qmail-inject
+or
+.BR SMTP ,
+you can simply type in a
+.B From
+field.
+In fact,
+.B qmail-inject
+lets you set up
+.BR MAILUSER ,
+.BR MAILHOST ,
+and
+.B MAILNAME
+environment variables
+to produce your desired
+.B From
+field on every message.
+.SH "TRACING FORGERIES"
+Like postal mail,
+electronic mail is postmarked when it is sent.
+Each machine that receives an electronic mail message
+adds a
+.B Received
+line to the top.
+A modern
+.B Received
+line contains quite a bit of information.
+In conjunction with the machine's logs,
+it lets a competent system administrator
+determine where the machine received the message from,
+as long as the sender did not break low-level TCP/IP security
+or security on that machine.
+Large multi-user machines often come with inadequate logging software.
+Fortunately, a system administrator can easily obtain a copy of a
+931/1413/Ident/TAP server, such as
+.BR pidentd .
+Unfortunately,
+some system administrators fail to do this,
+and are thus unable to figure out which local user
+was responsible for generating a message.
+If all intermediate system administrators are competent,
+and the sender did not break machine security or low-level TCP/IP security,
+it is possible to trace a message backwards.
+Unfortunately, some traces are stymied by intermediate system
+administrators who are uncooperative or untrustworthy.
+.SH "CRYPTOGRAPHY"
+The sender of a mail message may place his message into a
+.I cryptographic
+envelope stamped with his seal.
+Strong cryptography guarantees that any two messages with the same seal
+were sent by the same cryptographic entity:
+perhaps a single person, perhaps a group of cooperating people,
+but in any case somebody who knows a secret originally held
+only by the creator of the seal.
+The seal is called a
+.I public key\fR.
+Unfortunately, the creator of the seal is often an insecure machine,
+or an untrustworthy central agency,
+but most of the time seals are kept secure.
+One popular cryptographic program is
+.BR pgp .
+.SH "SEE ALSO"
+pgp(1),
+identd(8),
+qmail-header(8)
author	manuel <manuel@mausz.at>	2013-02-04 00:08:53 +0100
committer	manuel <manuel@mausz.at>	2013-02-04 00:08:53 +0100
commit	69aec538b456402170dc723af417ba5c05389c32 (patch)
tree	e6f34c543f17c6392447ea337b2e2868212424d1 /forgeries.7
download	qmail-69aec538b456402170dc723af417ba5c05389c32.tar.gz qmail-69aec538b456402170dc723af417ba5c05389c32.tar.bz2 qmail-69aec538b456402170dc723af417ba5c05389c32.zip

diff --git a/forgeries.7 b/forgeries.7 new file mode 100644 index 0000000..cb99fa7 --- /dev/null +++ b/forgeries.7
@@ -0,0 +1,104 @@
	1	.TH forgeries 7
	2	.SH "NAME"
	3	forgeries \- how easy it is to forge mail
	4	.SH "SUMMARY"
	5	An electronic mail message can easily be forged.
	6	Almost everything in it,
	7	including the return address,
	8	is completely under the control of the sender.
	9
	10	An electronic mail message can be manually traced to its origin
	11	if (1) all system administrators of intermediate machines
	12	are both cooperative and competent,
	13	(2) the sender did not break low-level TCP/IP security,
	14	and
	15	(3) all intermediate machines are secure.
	16
	17	Users of
	18	.I cryptography
	19	can automatically ensure the integrity and secrecy
	20	of their mail messages, as long as
	21	the sending and receiving machines are secure.
	22	.SH "FORGERIES"
	23	Like postal mail,
	24	electronic mail can be created entirely at the whim of the sender.
	25	.BR From ,
	26	.BR Sender ,
	27	.BR Return-Path ,
	28	and
	29	.BR Message-ID
	30	can all contain whatever information the sender wants.
	31
	32	For example, if you inject a message through
	33	.B sendmail
	34	or
	35	.B qmail-inject
	36	or
	37	.BR SMTP ,
	38	you can simply type in a
	39	.B From
	40	field.
	41	In fact,
	42	.B qmail-inject
	43	lets you set up
	44	.BR MAILUSER ,
	45	.BR MAILHOST ,
	46	and
	47	.B MAILNAME
	48	environment variables
	49	to produce your desired
	50	.B From
	51	field on every message.
	52	.SH "TRACING FORGERIES"
	53	Like postal mail,
	54	electronic mail is postmarked when it is sent.
	55	Each machine that receives an electronic mail message
	56	adds a
	57	.B Received
	58	line to the top.
	59
	60	A modern
	61	.B Received
	62	line contains quite a bit of information.
	63	In conjunction with the machine's logs,
	64	it lets a competent system administrator
	65	determine where the machine received the message from,
	66	as long as the sender did not break low-level TCP/IP security
	67	or security on that machine.
	68
	69	Large multi-user machines often come with inadequate logging software.
	70	Fortunately, a system administrator can easily obtain a copy of a
	71	931/1413/Ident/TAP server, such as
	72	.BR pidentd .
	73	Unfortunately,
	74	some system administrators fail to do this,
	75	and are thus unable to figure out which local user
	76	was responsible for generating a message.
	77
	78	If all intermediate system administrators are competent,
	79	and the sender did not break machine security or low-level TCP/IP security,
	80	it is possible to trace a message backwards.
	81	Unfortunately, some traces are stymied by intermediate system
	82	administrators who are uncooperative or untrustworthy.
	83	.SH "CRYPTOGRAPHY"
	84	The sender of a mail message may place his message into a
	85	.I cryptographic
	86	envelope stamped with his seal.
	87	Strong cryptography guarantees that any two messages with the same seal
	88	were sent by the same cryptographic entity:
	89	perhaps a single person, perhaps a group of cooperating people,
	90	but in any case somebody who knows a secret originally held
	91	only by the creator of the seal.
	92	The seal is called a
	93	.I public key\fR.
	94
	95	Unfortunately, the creator of the seal is often an insecure machine,
	96	or an untrustworthy central agency,
	97	but most of the time seals are kept secure.
	98
	99	One popular cryptographic program is
	100	.BR pgp .
	101	.SH "SEE ALSO"
	102	pgp(1),
	103	identd(8),
	104	qmail-header(8)