>You don't need anonymous servers. Numerous mailers out there still believe
>the hostname you hand it in the HELO. Until these are fixed, there's little
>to be done about someone seriously intent on forging.
>I sent this straight from ftp.com with a simple script. The people at
>Netcom might want to go over their own machines [and it was sendmail
>8.6.4, yet].
>_H* [for reference]
_H* is right! We've got this problem occuring right now. It seems that
anyone connected to the Internet can get this information. Our students
got it from other students.
What's worse, some sendmail's have a help option which will help you
through the process of mail spoofing via sendmail. When I asked
my support center about it, I got a "Only sysadmins would mess with
sendmail!" type response (amongst others!).
I'd try closing the barn doors, but the builder forgot to supply them.
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
* *
* Chuck Buda (AKA "Sancho") (cbuda @
creighton .
edu) *
* Unix System(s) Administrator also *
* Network Operations Manager ( (cbuda @
cu (in JAYNet))*
* Creighton University Computer Center *
* 2500 California St. Phone: (402) 280-2260 *
* Omaha NE 68178-0002 FAX : (402) 280-2573 *
* *
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
|
|
