From: Owen Lagarde <olagarde AT pegasus DOT wes DOT army DOT mil>
Newsgroups: comp.lang.c++,comp.os.msdos.djgpp,rec.games.programmer
Subject: Re: any class-A idiot...
Date: Mon, 29 Sep 1997 17:51:03 -0500
Organization: Nichols Research
Lines: 39
Message-ID: <343030D7.1CBC@pegasus.wes.army.mil>
References: <3412BD25 DOT 1F30 AT mho DOT net> <341714E9 DOT F6CC2E67 AT rpi DOT edu> <hNfIiWAbrpJ0EwUu AT solarflair DOT demon DOT co DOT uk> <342754c2 DOT 0 AT 139 DOT 134 DOT 5 DOT 33> <608jvl$sii AT mozo DOT cc DOT purdue DOT edu> <875267668 DOT 836385 AT ash DOT mcs DOT net DOT au> <60hdjn$ser AT mozo DOT cc DOT purdue DOT edu> <342C4916 DOT 7200 AT cam DOT org> <875403042 DOT 94850 AT ash DOT mcs DOT net DOT au> <3432ce72 DOT 13188083 AT news1 DOT newscene DOT com> <875464223 DOT 362599 AT ash DOT mcs DOT net DOT au> <01bccc37$c182be90$b756dec2 AT algorithm> <342FAA0B DOT 65D5 AT cam DOT org> <01bcccf2$c97066f0$2b40cbc2 AT russnt>
NNTP-Posting-Host: pegasus.wes.army.mil
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: djgpp AT delorie DOT com
DJ-Gateway: from newsgroup comp.os.msdos.djgpp
Precedence: bulk

Russ Williams wrote:
> Yes, but why is he appearing as 'unknown@'? Surely that should record
> the username of whoever's logged into the dial-up... Then again, most
> ISPs constantly seem to have problems with their software, so it could
> be a "// TODO: implement me!" job. ;)

I've seen two common instances of "unknown" in mail:

   1)  Send a message with a fake "from" header through a mail
   repeater to an address that is known to not exist.  The bounce-
   back, if configured to not encapsulate in an error message, sends
   the unchanged message back to the "from" contents.  Netscape mail
   does this quite well, but it's rare.

   2)  Hack up a text file formatted to appear as a mail message
   (via any un-intelligent mailer or even text editor) and write it 
   to the mail port of any host that hasn't applied the maild() patch
   for this very loophole.  The message goes with the contents of the
   fake header provided the mail deamon doesn't check it first.  Even
   easier if you have access to the deamon and associated socket.

The first is usually a mistake, and any class-A idiot with root
on their linux or bsd box and a little admin knowledge can do the
second.  For that matter, there's a slew of methods using RCP or
UDB utilities provided the first host to receive doesn't backtrack,
check sender, require a local account, etc.  Easily half of the 
boxes compliant with early sunos 4.1 and back fit that bill.


-- 

Sincerely,

Owen LaGarde
CEWES HPC MSRC
Customer Support
800-500-4722
info-hpc AT wes DOT hpc DOT mil
"If I can do it, any idiot can." -- Me