#1  
Old 15th March 2011, 02:03
carlosinfl carlosinfl is offline
Member
 
Join Date: Dec 2009
Location: Orlando, FL
Posts: 70
Thanks: 3
Thanked 4 Times in 4 Posts
Send a message via AIM to carlosinfl
Default Sending Mail Via Telnet?

So I got a mail server stood up running Postfix running it's most simplistic configuration for a single domain. I created the shell users in Debian & set their home directory as their mailbox.

My question is after I added about 40 users, I realized that anyone can simply Telnet to my mail server on port 25 and compose a message and say they're someone else:

Code:
telnet my.mailserver.tld 25
EHLO mypc.mydomain.tld
MAILFROM: bob@mydomain.tld
RCPTTO: theboss@mydomain.tld
DATA

Hey! You're a fat pig & I quit!
./
QUIT
Message queued as S7439OP32
So I can send that from any PC on the domain and claim that I'm 'Bob' when in fact I'm not. This seems like a really big issue for security & authenticity for Postfix / MTA. How can I resolve this issue and or prevent it from happening?
Reply With Quote
Sponsored Links
  #2  
Old 15th March 2011, 06:15
topdog topdog is offline
Senior Member
 
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 153 Times in 150 Posts
Default

Use SASL auth with Envelope address verification. http://www.postfix.org/SASL_README.html
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #3  
Old 23rd March 2011, 05:40
astinsan astinsan is offline
Junior Member
 
Join Date: Jul 2008
Posts: 11
Thanks: 0
Thanked 2 Times in 2 Posts
Default

It should be a law that authentication is setup on mail servers. SSL or equivalent should be the second law.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting Email Working ISPConfig3 Squirrelmail and Courier etc Ian Wilson Installation/Configuration 17 19th June 2013 22:58
ERROR: Connection dropped by IMAP server. [Centos 5.4, courier imap,squirrel, etc] darevil HOWTO-Related Questions 7 9th June 2010 14:49
Mail server using Postfix, Dovecot, Mysql... Postfix virtual maps doesn't work?? tarasbuljba HOWTO-Related Questions 33 28th May 2010 14:33
Fedora 12 - Strage problem - Freezes K_meleonu Installation/Configuration 6 3rd March 2010 18:42
Core 4: Error Messages on Fresh Install re CTX/SSL jjw Installation/Configuration 30 6th September 2006 12:16


All times are GMT +2. The time now is 04:47.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.