Draft specification for future X-Trace header

Marco d'Itri md at linux.it
Mon Jul 10 15:15:36 UTC 2000


On Jul 06, Olaf Titz <olaf at bigred.inka.de> wrote:

 >I don't. If I, at my gateway, insert the original MID at a point
 >likely to survive further gating, then I can compare the message
 >against the known ID when it loops back to my site. The only
 >expectation here is that the new header goes through the gateways
 >unmolested
Now I understand. But I think loop detection should not be an hack on
top of X-Trace, just invent a new header (like the X-Gateway header used
by FTN gateways).

 >> Cool. So spammer would just add a bunch of X-Trace headers and let
 >> people pick the right one...
 >That's the same situation as with the Received header in mail.
It's not, because you can start from the last Received header and trace
the path of the message until you find the forged one. You can't do that
with X-Trace becase the order of headers is undefined.

 >Spammers may insert any number of bogus ones, but they can't stop the
 >system from inserting the right one as well. And spam will be
 >identified by the rate-limiting mechanism (cleanfeed), comparing just
 >_one_ of them.
Right now I'm concerned with abuse reporting.

 >Then tell me how I, as an ordinary citizen with a standard ISP
 >connection (i.e. no transfer permission and no UUCP), can hand the
 >postings made on my own INN (or Diablo, etc.) system to the ISP's
 >server without using POST feeds. "Don't use INN" is not an option
 >either, this is not even a leaf node.
You keep stripping NNTP-Posting-Host, X-Trace and so on like everybody
is doing since the beginning.

-- 
ciao,
Marco





More information about the inn-workers mailing list