@Radon
2014-12-25T14:47:46.000000Z
1100012749
C:\Users\lenovo>telnet 162.105.129.21 25
Trying 162.105.129.21...
Connected to 162.105.129.21.
Escape character is '^]'.
220 pku.edu.cn Anti-spam GT for Coremail System (pku[20141114])
HELO radon
250 OK
auth login
334 dXNlcm5hbWU6
/*account*/
334 UGFzc3dvcmQ6
/*password*/
235 Authentication successful
mail from: <admin@abc.com>
250 Mail OK
rcpt to: <1100012749@pku.edu.cn>
250 Mail OK
DATA
354 End data with <CR><LF>.<CR><LF>
subject: Homework 9
foobar
.
250 Mail OK queued as x4FpogCHILOFnptUoVQ3AA--.46712S4
QUIT
221 Bye
Connection closed by foreign host.
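The "Received:" header provides a detailed record of the message's transmission history; the server's real IP address 162.105.118.75 does not match the domain of the forged mail sender admin@abc.com.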
Received: from radon (unknown [162.105.118.75])
by mailfront01 (Coremail) with SMTP id x4FpogCHILOFnptUoVQ3AA--.46712S4;
Thu, 25 Dec 2014 13:22:17 +0800 (CST)
subject: Homework 9
X-CM-TRANSID:x4FpogCHILOFnptUoVQ3AA--.46712S4
Message-Id:<549B9F17.0285EB.47233@pku.edu.cn>
Date: Thu, 25 Dec 2014 13:22:31 +0800 (CST)
From: admin@abc.com
X-CM-SenderInfo: pdgpx0o6deuhhfrp/
foobar
Taking the following mail headers as an example, a genuine mail header should also contain the following key information:
Return-Path: noreply@github.com
Received: from 162.105.129.91 (LHLO mail.pku.edu.cn) (162.105.129.91) by
bj-mail07.pku.edu.cn with LMTP; Wed, 8 Oct 2014 11:21:10 +0800 (CST)
Received: from localhost (localhost.localdomain [127.0.0.1])
by mail.pku.edu.cn (tmailer) with ESMTP id AD88129976D
for <1100012749@pku.edu.cn>; Wed, 8 Oct 2014 11:21:10 +0800 (CST)
X-Spam-Flag: NO
X-Spam-Score: -14.028
X-Spam-Level:
X-Spam-Status: No, score=-14.028 tagged_above=-1000 required=20
tests=[AWL=1.368, BAYES_00=-10.396, CN_BODY_1039=0.5,
CN_BODY_1041=0.2, CN_BODY_1043=0.3, CN_SUBJECT_3019=2,
RCVD_IN_DNSWL_HI=-8] autolearn=ham
Received: from mail.pku.edu.cn ([127.0.0.1])
by localhost (bj-mail01.pku.edu.cn [127.0.0.1]) (theinterface-new, port 10024)
with ESMTP id KQ-sHfG9eLKM for <1100012749@pku.edu.cn>;
Wed, 8 Oct 2014 11:21:04 +0800 (CST)
Received: from FE-2KA3F09000072.pku.edu.cn (unknown [162.105.129.221])
by mail.pku.edu.cn (tmailer) with ESMTPS id 3BCDB1A8020
for <1100012749@pku.edu.cn>; Wed, 8 Oct 2014 11:21:03 +0800 (CST)
Received: from github-smtp2a-ext-cp1-prd.iad.github.net (github-smtp2-ext4.iad.github.net [192.30.252.195])
by FE-2KA3F09000072.pku.edu.cn with ESMTP id s983IFGV007412-s983IFGW007412
for <1100012749@pku.edu.cn>; Wed, 8 Oct 2014 11:18:15 +0800
Date: Tue, 07 Oct 2014 20:21:01 -0700
From: GitHub <noreply@github.com>
To: RadonX <1100012749@pku.edu.cn>
Message-ID: <5434ad9dd67f3_67d83f87d1b492c0146ed@github-fe131-cp1-prd.iad.github.net.mail>
Subject: [GitHub] Please verify your email '1100012749@pku.edu.cn'
Mime-Version: 1.0
Content-Type: text/plain;
charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Auto-Response-Suppress: All
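The comparison between the two header sets above, as an added example that is not part of the original post: a Python script that parses the oldest "Received:" hop and checks Return-Path against From. The header samples are trimmed from this page; the function names and the three heuristics are assumptions chosen for illustration, run offline, and do not replace an SPF lookup.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Header samples trimmed from the two messages shown on this page.
FORGED = """\
Received: from radon (unknown [162.105.118.75])
\tby mailfront01 (Coremail) with SMTP id x4FpogCHILOFnptUoVQ3AA--.46712S4;
\tThu, 25 Dec 2014 13:22:17 +0800 (CST)
subject: Homework 9
From: admin@abc.com
"""
GENUINE = """\
Return-Path: noreply@github.com
Received: from FE-2KA3F09000072.pku.edu.cn (unknown [162.105.129.221])
\tby mail.pku.edu.cn (tmailer) with ESMTPS id 3BCDB1A8020
Received: from github-smtp2a-ext-cp1-prd.iad.github.net (github-smtp2-ext4.iad.github.net [192.30.252.195])
\tby FE-2KA3F09000072.pku.edu.cn with ESMTP id s983IFGV007412-s983IFGW007412
From: GitHub <noreply@github.com>
"""

# "from <HELO name> (<reverse DNS name> [<IP>])" as written by the receiving MTA.
HOP = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9a-fA-F.:]+)\]\)")

def origin_hop(msg):
    """Return (helo, rdns, ip) from the oldest Received header (the last one)."""
    received = msg.get_all("Received", [])
    m = HOP.search(received[-1]) if received else None
    return m.groups() if m else None

def audit(raw):
    """Return a list of findings that make the claimed sender doubtful."""
    msg = message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp = msg.get("Return-Path")
    if rp is None:
        findings.append("no Return-Path")
    elif parseaddr(rp)[1].rpartition("@")[2].lower() != from_domain:
        findings.append("Return-Path domain differs from From domain")
    hop = origin_hop(msg)
    if hop is None:
        findings.append("no parsable Received hop")
    else:
        helo, rdns, ip = hop
        if "." not in helo:
            findings.append(f"HELO name {helo!r} is not a FQDN")
        if rdns == "unknown":
            findings.append(f"no reverse DNS for origin IP {ip}")
    return findings
```

Calling `audit(FORGED)` returns three findings for the telnet-submitted message, while `audit(GENUINE)` returns an empty list.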