Majordomo-Users: Re: Security hole?

Majordomo-Users
(April 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Security hole?
From:	James Cook <jcook @ netcom . com>
Date:	Wed, 20 Apr 1994 09:40:06 -0700 (PDT)
To:	"Jonathan B. Horen" <horen @ applicom . co . il>
Cc:	majordomo-users @ GreatCircle . COM
In-reply-to:	<199404201536.AA16536@applicom.co.il>

On Wed, 20 Apr 1994, Jonathan B. Horen wrote:

> Jeez, guys -- here's a free consult:
> 
> "Mail Spoofing"; ever heard of it?
> 
> All someone has to do is to
> 
>     telnet your_mail_server 25
> 
> and they're "in", at least, as far as posting email is concerned,
> via SMTP (Simple Mail-Transport Protocol).  They can't delete or
> edit anything, but they *can* post mail to anybody, anywhere,
> using any name they wish.
> 
> So, using this command Joe Joker can enter, and then set
> MAIL FROM: your_name
> RCPT TO: your_list_alias
> DATA: .....
> 

Is there a way to block such posts by non-members?  Detect their 
originating route, id, etc. and block?

James

References:

Re: Security hole?
From: "Jonathan B. Horen" <horen@applicom.co.il>

Indexed By Date	Previous:	Re: Security hole? From: David Barr <barr@pop.psu.edu>
Indexed By Date	Next:	Re: Security hole? From: James Cook <jcook@netcom.com>
Indexed By Thread	Previous:	Re: Security hole? From: "Michael J. Corrigan" <corrigan@ucsd.edu>
Indexed By Thread	Next:	Re: Security hole? From: Teshager.Tesfaye@Eng.Sun.COM (T2)