HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   Sending Mail Via Telnet? (http://www.howtoforge.com/forums/showthread.php?t=51886)

carlosinfl 15th March 2011 02:03

Sending Mail Via Telnet?
 
So I got a mail server stood up running Postfix running it's most simplistic configuration for a single domain. I created the shell users in Debian & set their home directory as their mailbox.

My question is after I added about 40 users, I realized that anyone can simply Telnet to my mail server on port 25 and compose a message and say they're someone else:

Code:

telnet my.mailserver.tld 25
EHLO mypc.mydomain.tld
MAILFROM: bob@mydomain.tld
RCPTTO: theboss@mydomain.tld
DATA

Hey! You're a fat pig & I quit!
./
QUIT
Message queued as S7439OP32

So I can send that from any PC on the domain and claim that I'm 'Bob' when in fact I'm not. This seems like a really big issue for security & authenticity for Postfix / MTA. How can I resolve this issue and or prevent it from happening?

topdog 15th March 2011 06:15

Use SASL auth with Envelope address verification. http://www.postfix.org/SASL_README.html

astinsan 23rd March 2011 05:40

It should be a law that authentication is setup on mail servers. SSL or equivalent should be the second law.


All times are GMT +2. The time now is 22:59.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.