Old 15th March 2011, 03:03
carlosinfl carlosinfl is offline
Join Date: Dec 2009
Location: Orlando, FL
Posts: 70
Thanks: 3
Thanked 4 Times in 4 Posts
Send a message via AIM to carlosinfl
Default Sending Mail Via Telnet?

So I got a mail server stood up running Postfix running it's most simplistic configuration for a single domain. I created the shell users in Debian & set their home directory as their mailbox.

My question is after I added about 40 users, I realized that anyone can simply Telnet to my mail server on port 25 and compose a message and say they're someone else:

telnet my.mailserver.tld 25
EHLO mypc.mydomain.tld
MAILFROM: bob@mydomain.tld
RCPTTO: theboss@mydomain.tld

Hey! You're a fat pig & I quit!
Message queued as S7439OP32
So I can send that from any PC on the domain and claim that I'm 'Bob' when in fact I'm not. This seems like a really big issue for security & authenticity for Postfix / MTA. How can I resolve this issue and or prevent it from happening?
Reply With Quote
Sponsored Links
Old 15th March 2011, 07:15
topdog topdog is offline
Senior Member
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 154 Times in 151 Posts

Use SASL auth with Envelope address verification. http://www.postfix.org/SASL_README.html
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
Old 23rd March 2011, 06:40
astinsan astinsan is offline
Junior Member
Join Date: Jul 2008
Posts: 11
Thanks: 0
Thanked 2 Times in 2 Posts

It should be a law that authentication is setup on mail servers. SSL or equivalent should be the second law.
Reply With Quote


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting Email Working ISPConfig3 Squirrelmail and Courier etc Ian Wilson Installation/Configuration 17 19th June 2013 23:58
ERROR: Connection dropped by IMAP server. [Centos 5.4, courier imap,squirrel, etc] darevil HOWTO-Related Questions 7 9th June 2010 15:49
Mail server using Postfix, Dovecot, Mysql... Postfix virtual maps doesn't work?? tarasbuljba HOWTO-Related Questions 33 28th May 2010 15:33
Fedora 12 - Strage problem - Freezes K_meleonu Installation/Configuration 6 3rd March 2010 19:42
Core 4: Error Messages on Fresh Install re CTX/SSL jjw Installation/Configuration 30 6th September 2006 13:16

All times are GMT +2. The time now is 03:59.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.