[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Questions about SMTP and NNTP
While working on the SMTP and NNTP clients for the WinSock remailer,
I have uncovered two questions I don't know the answer to. Here they
1. When sending a message to the SMTP server, I use scenario 4 as
shown in RFC821 as a basis for my client. There seems to be a
huge security hole in SMTP. I can use just about any name
when sending the VRFY command. For example, I could connect to
"sensemedia.com" and pretend to be "tcmay". Is there something
I'm missing here or is there really that big a security hole in
2. How do you do user authentication in NNTP? There's nothing about
it RFC977. Is there a later RFC that describes how to do user
authentication? All of my newsreaders support this function, but
I haven't been able to figure out how to do it.
Any help you can give me would be appreciated.
ObWinSock Remailer: I have the POP3, NNTP and SMTP clients functional
now. With luck, I'll have an alpha test version of the remailer in
two or three weeks.
ObCypherPunks: Is the list down? I haven't heard a peep since about
noon. I send a "who cypherpunks" to majordomo and received a quick
reply which shows I'm still subscribed. Any idea?
[email protected] [home -- encryption, privacy, RKBA and other hopeless causes]
[email protected] [work -- designing pagers]
"Anyone who considers arithmetical methods of producing random digits is,
of course, in a state of sin." -- John Von Neumann