Sending Mail Via Telnet?

Discussion in 'Server Operation' started by carlosinfl, Mar 15, 2011.

  1. carlosinfl

    carlosinfl New Member

    So I got a mail server stood up running Postfix running it's most simplistic configuration for a single domain. I created the shell users in Debian & set their home directory as their mailbox.

    My question is after I added about 40 users, I realized that anyone can simply Telnet to my mail server on port 25 and compose a message and say they're someone else:

    Code:
    telnet my.mailserver.tld 25
    EHLO mypc.mydomain.tld
    MAILFROM: [email protected]
    RCPTTO: [email protected]
    DATA
    
    Hey! You're a fat pig & I quit!
    ./
    QUIT
    Message queued as S7439OP32
    
    So I can send that from any PC on the domain and claim that I'm 'Bob' when in fact I'm not. This seems like a really big issue for security & authenticity for Postfix / MTA. How can I resolve this issue and or prevent it from happening?
     
  2. topdog

    topdog New Member HowtoForge Supporter

  3. astinsan

    astinsan New Member

    It should be a law that authentication is setup on mail servers. SSL or equivalent should be the second law.
     

Share This Page