Actually, both of you are right and wrong.

There is a need to stop spamming. There is no need to put an INTERNAL
smtp firewall up.

My ISP had a firewall to prevent unauthorized SMTP access. Any attempts
to telnet into port 25 require login -- user must be an authorized user,
and the password must be the one authorized for the specific user.

I don't have to authenticate to SMTP when I'm normally on the system,
because I'm an authorized user. If I wanted/needed to telnet into the
system from remote sites, I would need to be authorized in advance and
use the assigned username & password.

When I ftp [or telnet, as some activities require] into my shell
account, I use one of my assigned user names and the password specific
for that name. [My primary account name is *not* on my shell account;
to increase security of my shell, I always log in manually and don't
have the account name or password stuck anywhere.]

To the person who had the problem in the first place: Perhaps you can
suggest to your MIS people that their "authentication" isn't really that
secure, and that the area which needs to protect SMTP is telnet -- and
that can be easily handled in an Apache environment. If [heaven
forbid!] MIS isn't using Linux/UNIX and *is* using dozerware, hang up
all hope. :>

l.d.
====
On Sat, 3 Feb 01 17:16:05, [EMAIL PROTECTED] (Howard Schwartz) wrote:
> Sam asked:
>> So my question is: Why does one need to authenticate himself to his own
>> system's smtp server? They already know who you are and they know you are
>> OK because you are already logged on to their own system by using a
>> username and a password that they have already authorized and they have
>> already matched to your identity. My ISP's smtp server does not have an
>> authentication protocol, but unless you are connected to "shentel.net" I
>> don't think there is any way you can send a message out of
>> "smtp.shentel.net" unless you have obtained some subscriber's username and
>> password
> Actually, this is a decent idea, Sam, for deterring Spam: What you say
> is not quite correct. Assume that sleezynet.com is my IP. I can login
> to Sleezynet.com, using my own id/password, and then TELNET to smtp.verio.com
> (or use some mass mail program), and get in with only these SMTP commands:
> telnet smtp.verio.com 25
> helo sleezynet.com
> mail from: [EMAIL PROTECTED]
> Now the server thinks I am anyverio-user, and I can send 10,000 copies
> of my get rich quick mail to whoever I want, all apparently from anyverio-
> user.com. Without separate authentication, there is nothing to stop any
> other user at another ISP from entering the mail server and sending mail.
> With authentication, the sleezy fellow can still get in, but he can only
> send mail to local accounts on verio.com.
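
The relay rule this thread argues over, written out as an added example that is not part of either message: a server relays only for its own subscriber network or an authenticated session, and anyone else may reach local mailboxes only. The domain names, address range and function names are assumptions made for illustration.

```python
import ipaddress

# Assumed values for illustration; the thread gives no real configuration.
LOCAL_DOMAINS = {"verio.example"}                         # delivered locally
SUBSCRIBER_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # ISP's own address pool


def relay_decision(client_ip, authenticated, helo, mail_from, rcpt_to):
    """Decide whether to accept one RCPT TO during an SMTP session.

    helo and mail_from are parameters but are never consulted: the client
    types them, so they prove nothing about who is actually connected.
    """
    addr = ipaddress.ip_address(client_ip)
    if authenticated or any(addr in net for net in SUBSCRIBER_NETS):
        return True, "relay allowed: subscriber network or authenticated"

    local_part, sep, domain = rcpt_to.strip("<>").rpartition("@")
    if not sep or not local_part:
        return False, "rejected: malformed recipient"
    # Source-routed forms (user%other.example@local, other!user@local) make a
    # local-looking address forward elsewhere, so refuse them from outsiders.
    if any(ch in local_part for ch in "%!@"):
        return False, "rejected: source-routed recipient"
    if domain.lower().rstrip(".") in LOCAL_DOMAINS:
        return True, "local delivery only"
    return False, "rejected: relaying denied"


def demo():
    # Constructed sessions: (client_ip, authenticated, helo, mail_from, rcpt_to)
    claimed = ("sleezynet.com", "anyuser@verio.example")
    sessions = [
        ("198.51.100.7", False, *claimed, "victim@elsewhere.example"),
        ("198.51.100.7", False, *claimed, "friend@verio.example"),
        ("198.51.100.7", True, *claimed, "victim@elsewhere.example"),
        ("192.0.2.44", False, *claimed, "victim@elsewhere.example"),
        ("198.51.100.7", False, *claimed, "victim%elsewhere.example@verio.example"),
    ]
    return [relay_decision(*s) for s in sessions]


if __name__ == "__main__":
    for allowed, reason in demo():
        print("ACCEPT" if allowed else "REJECT", "-", reason)
```

The first constructed session is the telnet exchange from the quoted message: the claimed HELO and MAIL FROM names look plausible, but the decision rests only on the connecting address and the authentication state.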