#1  
Old 15th March 2011, 02:03
carlosinfl carlosinfl is offline
Member
  
Join Date: Dec 2009
Location: Orlando, FL
Posts: 70
Thanks: 3
Thanked 3 Times in 3 Posts
Send a message via AIM to carlosinfl
Default Sending Mail Via Telnet?
So I got a mail server stood up running Postfix running it's most simplistic configuration for a single domain. I created the shell users in Debian & set their home directory as their mailbox.

My question is after I added about 40 users, I realized that anyone can simply Telnet to my mail server on port 25 and compose a message and say they're someone else:

Code:
telnet my.mailserver.tld 25
EHLO mypc.mydomain.tld
MAILFROM: bob@mydomain.tld
RCPTTO: theboss@mydomain.tld
DATA

Hey! You're a fat pig & I quit!
./
QUIT
Message queued as S7439OP32
So I can send that from any PC on the domain and claim that I'm 'Bob' when in fact I'm not. This seems like a really big issue for security & authenticity for Postfix / MTA. How can I resolve this issue and or prevent it from happening?
Reply With Quote
Sponsored Links
  #2  
Old 15th March 2011, 06:15
topdog topdog is offline
Senior Member
  
Join Date: Jan 2008
Location: South Africa
Posts: 1,352
Thanks: 0
Thanked 148 Times in 145 Posts
Default
Use SASL auth with Envelope address verification. http://www.postfix.org/SASL_README.html
__________________
----
http://www.topdog.za.net - Got Linux problems ? - I can help.
http://www.baruwa.org - Try it.
Reply With Quote
  #3  
Old 23rd March 2011, 05:40
astinsan astinsan is offline
Junior Member
  
Join Date: Jul 2008
Posts: 11
Thanks: 0
Thanked 2 Times in 2 Posts
 
Default
It should be a law that authentication is setup on mail servers. SSL or equivalent should be the second law.
Reply With Quote
Reply

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ERROR: Connection dropped by IMAP server. [Centos 5.4, courier imap,squirrel, etc] darevil HOWTO-Related Questions 8 8th August 2011 15:55
Getting Email Working ISPConfig3 Squirrelmail and Courier etc Ian Wilson Installation/Configuration 16 17th February 2011 17:55
Mail server using Postfix, Dovecot, Mysql... Postfix virtual maps doesn't work?? tarasbuljba HOWTO-Related Questions 33 28th May 2010 14:33
Fedora 12 - Strage problem - Freezes K_meleonu Installation/Configuration 6 3rd March 2010 18:42
Core 4: Error Messages on Fresh Install re CTX/SSL jjw Installation/Configuration 30 6th September 2006 12:16


All times are GMT +2. The time now is 22:43.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.