Great Circle Associates Firewalls
(June 1994)
 


Subject: Re: SMTP mail spoofing
From: "Mark Frost" <mfrost @ ncd . com>
Date: Thu, 23 Jun 1994 11:51:46 -0700
To: bret @ real . com (Bret McDanel), Firewalls @ GreatCircle . COM
In-reply-to: bret @ real . com (Bret McDanel) "Re: SMTP mail spoofing" (Jun 23, 6:53)
References: <199406231335 . JAA05880 @ real . com>

On Jun 23,  6:53, Bret McDanel wrote:
> Subject: Re: SMTP mail spoofing
> > # We would like to know if there is a good way to determine if someone is
> > # spoofing our mail gateway.  Is there a "secure" smtpd or other software
> > # available that will detect/reject connections from someone pretending to
> > # be someone else?
> > # 
> > # db
> > 
> > In a word: no.
> > 
> > SMTP makes absolutely no attempt at guaranteeing the authenticity of
> > messages.  There's no way in the protocol to tell if the message
> > coming in is "really" from who it says it is, or from someone else.
> > 
> > About the only thing you can do is authenticate the connection (i.e.,
> > that the machine on the other end is really who you think it is), and
> > then determine what you're willing to believe and what you're willing
> > to accept from that machine.  You'd need something like a
> > Kerberos-modified version of Sendmail to do the authentication.
> > 
> I thought that if you forced all inbound connections to helo/ehlo before they
> sent anything then it would at least guarantee the machine it came from..
> 
>-- End of excerpt from Bret McDanel

Sounds like you're talking about the privacy flags option ("Op") in
sendmail 8.  If you have "authwarnings" on for that option, it will insist
that it gets a HELO/EHLO before the mail is sent, but all that does is
make sure the person sending the fraudulent e-mail has to type
"HELO foo.bar.com".  It doesn't attempt to verify it.  It's why you see
some e-mail around now from mh users that says "X-Authentication-Error:"
on it.

So doing this tells you that either you've got someone who's telnetting to
port 25 to send mail and doesn't know about typing HELO or you've got an
mh user on your hands :-).  Not very effective.

-mark frost
 network computing devices
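
Added example, not part of the original message: a small audit that compares the name a client typed after HELO with what the receiving gateway itself observed about the connection, which is the distinction the thread draws. It assumes the common sendmail-style Received layout `from <HELO name> (<reverse-DNS name> [<peer IP>])`; the sample headers, host names and function names are constructed for illustration.

```python
import re

# Constructed sample headers. Assumed layout:
#   Received: from <HELO argument> (<reverse-DNS name> [<peer IP>]) by ...
SAMPLE_HEADERS = [
    "Received: from mailhub.example.org (mailhub.example.org [192.0.2.10]) by gw.example.com",
    "Received: from foo.bar.com (dialup7.example.net [198.51.100.7]) by gw.example.com",
    "Received: from foo.bar.com ([203.0.113.9]) by gw.example.com",
]

RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
)


def classify_received(header):
    """Return (verdict, helo, rdns, ip) for one Received header line."""
    m = RECEIVED_RE.match(header)
    if m is None:
        return ("unparsed", None, None, None)
    # The HELO argument is whatever the client typed; nothing checked it.
    helo = m.group("helo").lower().rstrip(".")
    ip = m.group("ip")
    rdns = m.group("rdns")
    if rdns is None:
        # The gateway saw a peer address but found no reverse-DNS name for it.
        return ("no-rdns", helo, None, ip)
    rdns = rdns.lower().rstrip(".")
    verdict = "match" if helo == rdns else "helo-mismatch"
    return (verdict, helo, rdns, ip)


def audit(headers):
    """Classify every header in order."""
    return [classify_received(h) for h in headers]


if __name__ == "__main__":
    for verdict, helo, rdns, ip in audit(SAMPLE_HEADERS):
        print(f"{verdict:14} helo={helo} rdns={rdns} ip={ip}")
```

A "match" only means the claimed name agrees with reverse DNS, which the owner of the address block controls, and many legitimate hosts produce a mismatch, so treat the verdict as a triage signal and not as authentication of the sender.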

