On Mon, Oct 31, 2016 at 12:35:02PM -0700, Stephen Hanselman wrote:
> Good Morning,
>
> Can someone point me to the area in Dovecot that deals with incoming IP
> addresses. Specifically I want to determine if it is possible to "spoof"
> the address or is the address I look at in the headers the actual address
> that made the connection request (hopefully it is).

I can't point you to a section of code since I'm not familiar with the
Dovecot codebase, but I can provide a bit of insight.

It's quite possible to spoof source IP addresses on the internet. It's
quite a complicated and deep topic[1], but it is very much a real thing.
Since this is at the network level, Dovecot has no way of detecting or
preventing this. Thankfully, it's much more complicated to actually
_receive_ packets intended for an IP you don't control, so IP spoofing
is used primarily for making DDoS attacks harder to block. I can't find
the talk that gave this number, but I recall someone claiming 27% of
ISPs did not take adequate steps to prevent IP spoofing on their
networks.

I'm curious what your goal is. IP addresses are not generally an
acceptable means of identification, which is why Dovecot supports real
authentication mechanisms like SASL. So what are you trying to do?

--Sean

[1]: http://www.internetsociety.org/doc/addressing-challenge-ip-spoofing