[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How to disable telnet to port 25

To: [email protected]
Subject: Re: How to disable telnet to port 25
From: [email protected]
Date: Sun, 27 Nov 1994 21:58:41 -0600 (CST)
Cc: [email protected]
In-Reply-To: <[email protected]> from "Perry E. Metzger" at Nov 27, 94 07:47:24 pm
Sender: [email protected]

> 
> 
> The Al Capone of the Info Highway says:
> > A while back, there was a discussion about how to fake a from
> > address by telneting into port 25 in a site. Many people discussed
> > the pro's and cons, but I wanted to know if anybody knows of a way
> > to stop people from getting in there to send the message in the
> > first place.
> 
> Sure. Turn off mail to your site.
> 
> Beyond that, the store and forward nature of mail makes it impossible
> to stop this. The only real solution is to require digital signatures
> on all email.
> 
> Perry
> 

Identd is pathetic, but may help with finding who did it.
(Also, a good look at the mail headers will help too.)

If the mail was a forgery on the local site, a check in the mail
logs will do, as sendmail is not accessed when mailing from
user@localhost to anotheruser@localhost.

Enough of the "FAA's... the info that everyone knows, or should.".

Other than using PGP or PEM, or writing a new RFC for mail, is there
any other way to verify that a message is authentic that I missed?

Follow-Ups:
- Re: How to disable telnet to port 25
  - From: "Robert A. Hayden" <[email protected]>

References:
- Re: How to disable telnet to port 25
  - From: "Perry E. Metzger" <[email protected]>

Prev by Date: Re: Brad Templeton's fears
Next by Date: Re: How to disable telnet to port 25
Prev by thread: Re: How to disable telnet to port 25
Next by thread: Re: How to disable telnet to port 25
Index(es):
- Date
- Thread