John A. Perry wrote:
First of all, I hope you don't mind me posting this to a couple of lists as I find your questions pertinent and should be of value to many readers.
Oops, I actually meant to direct it to the list myself, but forgot to edit my headers. Sure.
To what extent can the operator of such a remailer really hide his actual site?
It depends on the level of control the remailer operator has on the site that the remailer operates from.
Assume root. I know that you can set the 'masquerade as' thing in sendmail, but of course any other SMTP agents you deal with are going to correctly identify you when you 'HELO' and you're going to wind up in the header, somewhere... (well, except smail 3.1, and probably others.) -- I'm assuming here the best one will be able to do will be equivalent to a forgery via port 25. --Craig