The Symantec Enterprise Firewall (old Axent Raptor) actually does this, but it can be fooled by using a better SMTP emulator like the Solaris mconnect command. It still helps a little.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Randy Smith
Sent: Sat March 30 2002 16:52
To: 'Paul D. Robertson'
Cc: [EMAIL PROTECTED]
Subject: RE: Restrict telnet to port 25 via firewall.

One possibility I have not heard discussed would be to write a wrapper that can distinguish the difference between protocol messages sent by an SMTP program and a person composing them at a Telnet prompt.  The former would likely arrive as a single packet per protocol message, while the latter would likely arrive as a single character per packet (Telnet generally does not buffer lines).  Another option might be to send back a Telnet control/negotiation message - an SMTP program would likely ignore it, while a Telnet program would respond.  I haven't tried either of these approaches, but think they would detect most user attempts to spoof SMTP using Telnet.

- Randy Smith

-----Original Message-----
   >From:         Paul D. Robertson [SMTP:[EMAIL PROTECTED]]
   >To:           [SMTP:[EMAIL PROTECTED]]
   >Cc:           [EMAIL PROTECTED]
   >Subj:         RE: Restrict telnet to port 25 via firewall.
   >Sent:         Monday, March 25, 2002 3:38 AM
   >
   >On Mon, 25 Mar 2002, Navin Mehra/MUM/IN/STTL wrote:
   >
   >> Date: Mon, 25 Mar 2002 14:25:35 +0530
   >> From: Navin Mehra/MUM/IN/STTL <[EMAIL PROTECTED]>
   >> To: Madhur Nanda <[EMAIL PROTECTED]>
   >> Cc: [EMAIL PROTECTED]
   >> Subject: RE: Restrict telnet to port 25 via firewall.
   >>
   >> Thanks for the feedback.
   >> But the problem is anybody can compose a mail, via telneting to port 25.
   >
   >Mail is spoofable.  That's a flaw in the protocol.  Telnet isn't the only
   >way to spoof mail.
   >
   >> and then impersonating the person can send a mail on his behalf. Can I
   >> enable any sort of authorisation on the pix firewall or is there a setting
   >> in the Lotus Notes server R5.
   >
   >If you want the machine to receive mail from the Internet, the best you
   >can do is to ensure it's not an open relay.  As mentioned, there are
   >client-side mail integrity solutions like S/MIME and PGP/GPG.
   >
   >If you're relying on SMTP for authenticity, you need to either switch
   >mechanisms or add client-side validation, or accept the fact that the
   >protocol has major flaws.
   >
   >Paul
   >-----------------------------------------------------------------------------
   >Paul D. Robertson      "My statements in this message are personal opinions
   >[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
   >
   >_______________________________________________
   >Firewalls mailing list
   >[EMAIL PROTECTED]
   >http://lists.gnac.net/mailman/listinfo/firewalls
   >
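
The two heuristics Randy Smith proposes (one character per packet, and replying to a Telnet option request) as an added worked example. This is not code from the thread or from any of the products mentioned; the function names, the choice of TERMINAL-TYPE as the probed option and the sample segment lists are all assumptions made for illustration.

```python
# Added example (not from the thread): two checks a port-25 wrapper could use to
# tell an interactive telnet session from an SMTP client, after the suggestion in
# Randy Smith's message. Names, the probed option and the samples are assumptions.

IAC, WILL, WONT, DO, DONT = 0xFF, 0xFB, 0xFC, 0xFD, 0xFE   # RFC 854 command bytes
TERMINAL_TYPE = 0x18                                         # RFC 1091 option code

# What the wrapper writes first. A telnet client must answer IAC DO with
# IAC WILL or IAC WONT; an MTA has no Telnet layer and sends no such reply,
# so the presence of a reply is the signal.
BANNER = b"220 mx.example.com ESMTP\r\n"   # hypothetical host name
PROBE = bytes([IAC, DO, TERMINAL_TYPE])


def greeting():
    """Bytes sent to the client on connect: SMTP banner, then the Telnet probe."""
    return BANNER + PROBE


def parse_negotiation(data):
    """Split bytes from the peer into (replies, payload).

    replies: (verb, option) pairs from 3-byte IAC sequences, e.g. (WILL, 0x18).
    payload: everything else, with the escape IAC IAC unescaped to one 0xFF.
    """
    replies, payload = [], bytearray()
    i = 0
    while i < len(data):
        b = data[i]
        if b != IAC:
            payload.append(b)
            i += 1
        elif i + 1 < len(data) and data[i + 1] == IAC:      # escaped data byte
            payload.append(IAC)
            i += 2
        elif i + 2 < len(data) and data[i + 1] in (WILL, WONT, DO, DONT):
            replies.append((data[i + 1], data[i + 2]))
            i += 3
        else:                                                # truncated/unknown: drop the IAC
            i += 1
    return replies, bytes(payload)


def looks_interactive(chunks, threshold=0.5):
    """Packetisation check: a telnet client in character mode sends one byte per
    TCP segment (plus a CR LF segment); an MTA writes a whole command per segment.
    True when at least `threshold` of the non-empty segments carry <= 2 bytes."""
    chunks = [c for c in chunks if c]
    if not chunks:
        return False
    tiny = sum(1 for c in chunks if len(c) <= 2)
    return tiny / len(chunks) >= threshold


def classify(chunks):
    """Label a client from the segments it sent with its first command:
    'telnet' if it answered (or started) option negotiation, 'interactive' if
    it typed one character per segment, otherwise 'smtp-client'."""
    replies, _payload = parse_negotiation(b"".join(chunks))
    if replies:
        return "telnet"
    if looks_interactive(chunks):
        return "interactive"
    return "smtp-client"


# Constructed sample segment lists, not captured traffic.
MTA_SEGMENTS = [b"EHLO mail.example.com\r\n", b"MAIL FROM:<user@example.com>\r\n"]
TELNET_SEGMENTS = [bytes([IAC, WILL, TERMINAL_TYPE]),
                   b"H", b"E", b"L", b"O", b" ", b"m", b"e", b"\r\n"]
TYPED_SEGMENTS = [b"H", b"E", b"L", b"O", b" ", b"m", b"e", b"\r\n"]  # no IAC reply
SCRIPTED_SEGMENTS = [b"HELO me\r\n"]   # mconnect-style: whole line at once

if __name__ == "__main__":
    for name, segs in [("MTA", MTA_SEGMENTS), ("telnet", TELNET_SEGMENTS),
                       ("typed", TYPED_SEGMENTS), ("scripted", SCRIPTED_SEGMENTS)]:
        print(f"{name:9s} -> {classify(segs)}")
```

The fourth sample shows the limit the reply at the top of the thread points out: a scripted client such as mconnect sends each line as one segment and never speaks Telnet, so it is indistinguishable from an MTA by either check. Note also that the three probe bytes land at the start of whatever the client reads next, so a strict MTA may misparse its next response line; test the probe against the MTAs you expect to see before putting it in front of a production mail host.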
