One possibility I have not heard discussed would be to write a wrapper that can distinguish the difference between protocol messages sent by an SMTP program and a person composing them at a Telnet prompt. The former would likely arrive as a single packet per protocol message, while the latter would likely arrive as a single character per packet (Telnet generally does not buffer lines). Another option might be to send back a Telnet control/negotiation message - an SMTP program would likely ignore it, while a Telnet program would respond. I haven't tried either of these approaches, but think they would detect most user attempts to spoof SMTP using Telnet.
- Randy Smith

-----Original Message-----
>From: Paul D. Robertson [SMTP:[EMAIL PROTECTED]]
>To: [SMTP:[EMAIL PROTECTED]]
>Cc: [EMAIL PROTECTED]
>Subj: RE: Restrict telnet to port 25 via firewall.
>Sent: Monday, March 25, 2002 3:38 AM
>
>On Mon, 25 Mar 2002, Navin Mehra/MUM/IN/STTL wrote:
>
>> Date: Mon, 25 Mar 2002 14:25:35 +0530
>> From: Navin Mehra/MUM/IN/STTL <[EMAIL PROTECTED]>
>> To: Madhur Nanda <[EMAIL PROTECTED]>
>> Cc: [EMAIL PROTECTED]
>> Subject: RE: Restrict telnet to port 25 via firewall.
>>
>>
>> Thanks for the feedback.
>> But the problem is anybody can compose a mail, via telneting to port 25.
>
>Mail is spoofable. That's a flaw in the protocol. Telnet isn't the only
>way to spoof mail.
>
>> and then impersonating the person can send a mail on his behalf. Can I
>> enable any sort of authorisation on the pix firewall or is there a setting
>> in the Lotus Notes server R5.
>
>If you want the machine to receive mail from the Internet, the best you
>can do is to ensure it's not an open relay. As mentioned, there are
>client-side mail integrity solutions like S/MIME and PGP/GPG.
>
>If you're relying on SMTP for authenticity, you need to either switch
>mechanisms or add client-side validation, or accept the fact that the
>protocol has major flaws.
>
>Paul
>-----------------------------------------------------------------------------
>Paul D. Robertson      "My statements in this message are personal opinions
>[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
>
>_______________________________________________
>Firewalls mailing list
>[EMAIL PROTECTED]
>http://lists.gnac.net/mailman/listinfo/firewalls
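The two checks Randy proposes, written out as an added example (this is not code from the thread, from the list, or from any mail server): a port-25 front end that answers with a 220 banner carrying an IAC DO TERMINAL-TYPE probe in its free text, strips any Telnet negotiation from what the peer sends back, and only then falls back to counting how many reads the first command line needed. Two caveats a practitioner should know before trying it: many Telnet clients stay in line-at-a-time mode unless the server negotiates ECHO and SUPPRESS-GO-AHEAD, so a human's "HELO" often arrives as one segment and the negotiation probe is the stronger of the two signals; and the 0xFF bytes in the banner are not ASCII, so a strict SMTP client could reject the greeting. The Telnet byte values are from RFC 854 and RFC 1091; the host names, the segment threshold, the sample sessions and all function names are assumptions made for the example.

```python
"""Port-25 front end: is the peer a mail program or a person at a telnet client?
Added example for the mailing-list thread, not code from the list or any MTA.
Telnet byte values follow RFC 854 / RFC 1091; banner text, host names, the
threshold and the function names are assumptions made for this example."""
import socket

IAC, DONT, DO, WONT, WILL, SB, SE = 255, 254, 253, 252, 251, 250, 240
TERMINAL_TYPE = 24            # RFC 1091 option used as the probe
LINE_SEGMENT_THRESHOLD = 3    # assumption: one line needing more reads than this = typed


def greeting_with_probe(hostname):
    """220 banner with IAC DO TERMINAL-TYPE hidden in its free text. An SMTP client
    parses the 220 and ignores the rest of the line; a telnet client consumes the
    three negotiation bytes and answers IAC WILL/WONT TERMINAL-TYPE."""
    return (b"220 " + hostname.encode("ascii") + b" ESMTP"
            + bytes([IAC, DO, TERMINAL_TYPE]) + b"\r\n")


def strip_telnet_negotiation(data):
    """Return (payload without telnet commands, [(command, option), ...]).
    Handles IAC IAC escapes, 3-byte WILL/WONT/DO/DONT and IAC SB ... IAC SE;
    an incomplete trailing sequence is dropped rather than misparsed."""
    clean, negotiations, i, n = bytearray(), [], 0, len(data)
    while i < n:
        if data[i] != IAC:
            clean.append(data[i]); i += 1
            continue
        if i + 1 >= n:                       # lone IAC at the end: incomplete
            break
        cmd = data[i + 1]
        if cmd == IAC:                       # IAC IAC is an escaped literal 0xFF
            clean.append(IAC); i += 2
        elif cmd in (WILL, WONT, DO, DONT):
            if i + 2 >= n:                   # option byte not here yet
                break
            negotiations.append((cmd, data[i + 2])); i += 3
        elif cmd == SB:                      # subnegotiation: skip to IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            if end < 0:
                break
            negotiations.append((SB, data[i + 2] if i + 2 < end else None))
            i = end + 2
        else:                                # two-byte command (NOP, AYT, ...)
            negotiations.append((cmd, None)); i += 2
    return bytes(clean), negotiations


def looks_typed(chunks):
    """The weak check from the thread: a mail program delivers a whole command line
    in one segment, a telnet client in character mode sends one per keystroke."""
    buf = b""
    for count, seg in enumerate(chunks, 1):
        buf += seg
        if b"\r\n" in buf:
            return count > LINE_SEGMENT_THRESHOLD
    return len(chunks) > LINE_SEGMENT_THRESHOLD   # no full line yet, still fragmented


def classify_session(chunks):
    """Apply the strong check (did the peer answer the probe?) before the weak one."""
    _, negotiations = strip_telnet_negotiation(b"".join(chunks))
    if any(cmd in (WILL, WONT) and opt == TERMINAL_TYPE for cmd, opt in negotiations):
        return "telnet", "client answered the IAC DO TERMINAL-TYPE probe"
    if negotiations:
        return "telnet", "client sent telnet negotiation on its own"
    if looks_typed(chunks):
        return "interactive", "first command line arrived in many small segments"
    return "smtp", "no telnet negotiation and the line was delivered whole"


def screen_connection(conn, hostname="mx.example.invalid", timeout=5.0):
    """Run both checks on one accepted socket; returns (verdict, reason, clean bytes)
    so the caller can hand the cleaned first command line on to the real server."""
    conn.sendall(greeting_with_probe(hostname))
    conn.settimeout(timeout)
    chunks, buf = [], b""
    while b"\r\n" not in buf and len(chunks) < 512:
        try:
            seg = conn.recv(1024)
        except socket.timeout:
            break
        if not seg:
            break
        chunks.append(seg); buf += seg
    verdict, reason = classify_session(chunks)
    clean, _ = strip_telnet_negotiation(buf)
    return verdict, reason, clean


def loopback_demo(client_bytes):
    """Drive screen_connection over a socketpair with a canned peer (no network)."""
    srv, cli = socket.socketpair()
    try:
        cli.sendall(client_bytes)
        verdict, _, clean = screen_connection(srv, timeout=0.5)
        return verdict, clean, cli.recv(4096)
    finally:
        srv.close(); cli.close()


# Constructed sample sessions (not captured traffic): the recv() segments from a
# scripted MTA, a telnet client in line mode, and a telnet client in character mode.
SCRIPTED_MTA = [b"EHLO relay.example.invalid\r\n"]
TELNET_LINE_MODE = [bytes([IAC, WONT, TERMINAL_TYPE]), b"HELO me\r\n"]
TELNET_CHAR_MODE = [bytes([IAC, WILL, TERMINAL_TYPE])] + [bytes([c]) for c in b"HELO me\r\n"]

if __name__ == "__main__":
    for name, session in [("mta", SCRIPTED_MTA), ("line", TELNET_LINE_MODE), ("char", TELNET_CHAR_MODE)]:
        print(name, classify_session(session))
    print("loopback", loopback_demo(b"\xff\xfc\x18HELO me\r\n"))
```

In a real deployment the front end would relay the cleaned bytes to the MTA and either drop or tag the "telnet" and "interactive" sessions; as Paul points out in the quoted reply, none of this stops a scripted client from forging mail, it only catches the person typing at a prompt.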
