Posted to users@spamassassin.apache.org by Thomas Deaton <TD...@co.guilford.nc.us> on 2005/06/03 20:31:16 UTC

validating i.p.'s

How do I check that an incoming email has a valid i.p.?
 
thanks

Re: validating i.p.'s

Posted by Matt Kettler <mk...@evi-inc.com>.
Pieter Combrinck wrote:
> Maybe all you need is to check PTR records for the MTA's connecting to
> you.
> 

In actuality this thread has nothing to do with validating IP addresses at all.
It's really about detecting spoofed domains. Check the rest of the thread, it's
already been answered pretty well.

As for validating the IP by checking the PTR record.. well, if it's invalid
(i.e. unrouteable) you won't even get a connection on a non-broken mailserver,
so you won't even have an IP address to check. Fortunately, you also won't have
a message to deal with either. Moral of the story: use a server OS with at least
semi-good TCP ISN selection.

Really the main reason to check for PTR records is not to check if the IP is
valid, but to check if the site is at least somewhat properly administered. Only
the completely clueless fail to have PTR records for their mailservers.
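
The PTR check discussed above, as an added example that is not part of the original post: it goes one step beyond a bare PTR lookup by forward-confirming the name, and it screens out malformed and non-routable addresses first. The function names, verdict strings and sample zone data are assumptions made for illustration.

```python
import ipaddress
import socket

# Not routable on the public Internet: a relay seen with one of these is internal or bogus.
NON_ROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16", "172.16.0.0/12",
    "192.168.0.0/16", "224.0.0.0/3", "::1/128", "fc00::/7", "fe80::/10")]

def system_ptr(ip):
    """PTR lookup through the system resolver; [] when there is no record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_forward(host):
    """A/AAAA lookup through the system resolver; empty set on failure."""
    try:
        return {info[4][0].split("%")[0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def check_relay(ip, ptr=system_ptr, forward=system_forward):
    """Return 'malformed', 'non-routable', 'no-ptr', 'ptr-unconfirmed' or 'ptr-confirmed'."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return "malformed"
    if any(addr in net for net in NON_ROUTABLE):
        return "non-routable"
    names = ptr(str(addr))
    if not names:
        return "no-ptr"
    for name in names:
        # Forward-confirm: the PTR name must resolve back to the connecting address.
        if any(ipaddress.ip_address(a) == addr for a in forward(name)):
            return "ptr-confirmed"
    return "ptr-unconfirmed"

# Constructed sample zone data (RFC 5737 documentation addresses), so the demo runs offline.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.org"], "192.0.2.20": ["host.example.net"]}
SAMPLE_A = {"mail.example.org": {"192.0.2.10"}, "host.example.net": {"198.51.100.7"}}

def demo():
    ips = ["192.0.2.10", "192.0.2.20", "192.0.2.30", "10.1.2.3", "300.1.1.1"]
    return {ip: check_relay(ip, lambda i: SAMPLE_PTR.get(i, []),
                            lambda h: SAMPLE_A.get(h, set())) for ip in ips}

if __name__ == "__main__":
    for ip, verdict in demo().items():
        print(f"{ip:12} {verdict}")
```

Called with only an IP, `check_relay` uses the system resolver; the two lookup parameters exist so the check can be exercised against fixed data.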

RE: validating i.p.'s

Posted by Pieter Combrinck <Pi...@nsiit.co.za>.
Maybe all you need is to check PTR records for the MTA's connecting to
you.

-----Original Message-----
From: Matt Kettler [mailto:mkettler@evi-inc.com] 
Sent: 03 June 2005 08:56 PM
To: Rick Macdougall
Cc: Thomas Deaton; users@spamassassin.apache.org
Subject: Re: validating i.p.'s


Rick Macdougall wrote:
> 
> 
> Thomas Deaton wrote:
> 
>> How do I check that an incoming email has a valid i.p.?
>>  
>> thanks
> 
> 
> Hi,
> 
> If it's not a valid IP then how does it get to your server ?



TCP blind spoofing attack? This is not exactly a workable option for
most attackers in trying to deliver mail unless your mailserver runs a
very badly written TCP stack that has highly predictable ISN's. Even
semi-predictable ones like Windows 95 aren't easy to do a blind spoofing
attack against if you want to fake a whole session, but it's quite
possible against something like AIX 4.3.

I guess Thomas needs to make it more clear what IP address he's looking
to validate.

The IP of the host dropping it off to your MTA obviously must be valid,
otherwise there would be no return route and the TCP connection would
never open in the first place. (unless someone did a blind spoofing
attack, which as said above, isn't easy in most cases)

Re: validating i.p.'s

Posted by Matt Kettler <mk...@evi-inc.com>.
Rick Macdougall wrote:
> 
> 
> Thomas Deaton wrote:
> 
>> How do I check that an incoming email has a valid i.p.?
>>  
>> thanks
> 
> 
> Hi,
> 
> If it's not a valid IP then how does it get to your server ?



TCP blind spoofing attack? This is not exactly a workable option for most
attackers in trying to deliver mail unless your mailserver runs a very badly
written TCP stack that has highly predictable ISN's. Even semi-predictable ones
like Windows 95 aren't easy to do a blind spoofing attack against if you want to
fake a whole session, but it's quite possible against something like AIX 4.3.

I guess Thomas needs to make it more clear what IP address he's looking to
validate.

The IP of the host dropping it off to your MTA obviously must be valid,
otherwise there would be no return route and the TCP connection would never open
in the first place. (unless someone did a blind spoofing attack, which as said
above, isn't easy in most cases)

Re: validating i.p.'s

Posted by Rick Macdougall <ri...@nougen.com>.

Thomas Deaton wrote:
> How do I check that an incoming email has a valid i.p.?
>  
> thanks

Hi,

If it's not a valid IP then how does it get to your server ?

Rick

Re: validating i.p.'s

Posted by Niek <ni...@asbak.coding-slaves.com>.
On 6/3/2005 8:31 PM +0200, Thomas Deaton wrote:
> How do I check that an incoming email has a valid i.p.?

What is a valid ip ?

Niek Baakman