15th March 2011, 02:03
carlosinfl
Sending Mail Via Telnet?

So I got a mail server stood up running Postfix in its most simplistic configuration for a single domain. I created the shell users in Debian & set their home directory as their mailbox.

My question is after I added about 40 users, I realized that anyone can simply Telnet to my mail server on port 25 and compose a message and say they're someone else:

Code:
telnet my.mailserver.tld 25
EHLO mypc.mydomain.tld
MAIL FROM:<bob@mydomain.tld>
RCPT TO:<theboss@mydomain.tld>
DATA

Hey! You're a fat pig & I quit!
.
QUIT
Message queued as S7439OP32
So I can send that from any PC on the domain and claim that I'm 'Bob' when in fact I'm not. This seems like a really big issue for security & authenticity for Postfix / MTA. How can I resolve this issue and/or prevent it from happening?
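The session above is accepted because nothing ties the envelope sender to an authenticated login. As an added example (not part of the original post, and not Postfix code), this Python model applies the sender-ownership rule that Postfix's reject_sender_login_mismatch restriction enforces using smtpd_sender_login_maps. The map contents, the function names and the "#AUTH-OK <login>" marker standing in for a successful SASL AUTH are assumptions made for the illustration.

```python
import re

# Constructed sender-to-login map (assumption): which login owns which address.
SENDER_LOGIN_MAP = {
    "bob@mydomain.tld": {"bob"},
    "theboss@mydomain.tld": {"theboss"},
}

MAIL_FROM = re.compile(r"^MAIL\s+FROM:\s*<([^>]*)>", re.IGNORECASE)
AUTH_OK = re.compile(r"^#AUTH-OK\s+(\S+)$")  # constructed marker, not SMTP syntax


def check_sender(sender, login, owners_map=SENDER_LOGIN_MAP):
    """Return (allowed, reason) for one MAIL FROM given the session's login."""
    owners = owners_map.get(sender.lower())
    # The address has an owner, and the client is not logged in as that owner.
    if owners is not None and login not in owners:
        who = login or "an unauthenticated client"
        return False, f"{sender} belongs to {sorted(owners)}, not {who}"
    # The client is logged in but uses an address it does not own.
    if login is not None and owners is None:
        return False, f"{login} does not own {sender}"
    # Unowned address from an unauthenticated client: ordinary inbound mail.
    return True, "ok"


def audit_session(lines, owners_map=SENDER_LOGIN_MAP):
    """Walk the client lines of one session; return a verdict per MAIL FROM."""
    login, verdicts = None, []
    for line in (raw.strip() for raw in lines):
        auth = AUTH_OK.match(line)
        if auth:
            login = auth.group(1)
            continue
        mail = MAIL_FROM.match(line)
        if mail:
            allowed, reason = check_sender(mail.group(1), login, owners_map)
            verdicts.append((mail.group(1), allowed, reason))
    return verdicts


# Constructed sessions: the one from the post, then authenticated variants.
SPOOFED = ["EHLO mypc.mydomain.tld", "MAIL FROM:<bob@mydomain.tld>",
           "RCPT TO:<theboss@mydomain.tld>", "DATA"]
AS_BOB = ["EHLO mypc.mydomain.tld", "#AUTH-OK bob", "MAIL FROM:<bob@mydomain.tld>"]
AS_ALICE = ["EHLO mypc.mydomain.tld", "#AUTH-OK alice", "MAIL FROM:<bob@mydomain.tld>"]
INBOUND = ["EHLO mx.elsewhere.example", "MAIL FROM:<someone@elsewhere.example>"]
```
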