> At 12:07 PM 11/13/2000 -0500, Brooks Carlson wrote:
> >Is there any way to set up the firewall to accept and send only
incoming
> >mail from those employees
> >that have legitimate email addresses with the company? I don't want
our
> >email server being
> >used as spam servers.
> >
> >Sorry for the newbie question...
Your best bet, and the only reliable way to handle this afaik, is to use
an
SMTP server that supports SMTP AUTH and SSMTP.
SMTP AUTH - Authenticated SMTP
SSMTP - Secure SMTP (SMTP over SSL)
SMTP AUTH requires a mail client that supports it as well (Netscape
mail,
Eudora, Outlook & Express, etc. do) and requires the user to specify a
password
to send E-mail. This actually authenticates the user, just as they
would when
picking up their mail, and should have been part of the original SMTP
specs
(way back ;-) but we trusted people then.
SMTP over SSL is then highly recommended because without it, the user's
password is being transmitted in the clear (note: also use POP3 over SSL
or you
have the same problem) and any spammer worth their salt will be able to
sniff
it and still use your server as a relay.
--
Michael T. Babcock (PGP: 0xBE6C1895)
http://www.fibrespeed.net/~mbabcock/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
