Firewalls: Re: SMTP mail spoofing

Firewalls
(June 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: SMTP mail spoofing
From:	smb @ research . att . com
Date:	Thu, 23 Jun 1994 15:06:00 -0400
To:	"Mark Frost" <mfrost @ ncd . com>
Cc:	bret @ real . com (Bret McDanel), Firewalls @ GreatCircle . COM
Fcc:	outbox

--------
         Sounds like you're talking about the privacy flags option
         ("Op") in sendmail 8.  If you have "authwarnings" on for that
         option, it will insist that it gets a HELO/EHLO before the
         mail is sent, but all that does is makes sure the person
         sending the fraudulent e-mail has to type "HELO foo.bar.com".
         It doesn't attempt to verify it.  It's why you see some e-mail
         around now from mh users that says "X-Authentication-Error:"
         on it.

It's worse than that.  I can telnet to, say, uunet's port 25, but
still send mail to some other host, and from some other host.

In fact, I hand-sent this message using just that technique, as a
glance at the Received: lines will show.

Indexed By Date	Previous:	Re: SMTP mail spoofing From: "Mark Frost" <mfrost @ ncd . com>
Indexed By Date	Next:	Forwarded message... From: "Ross Patterson" <n4yyh @ mott . sensor . com>
Indexed By Thread	Previous:	Re: SMTP mail spoofing From: "Mark Frost" <mfrost @ ncd . com>
Indexed By Thread	Next:	Re[2]: SMTP mail spoofing From: Dorian_W_Smith @ isc_smtp . isc . nva . ge . com (Dorian W Smith)