On Dec 4, 2009, at 8:08 PM, Carlos Williams wrote: > I was just thinking today that if anyone knew a valid email address on > my Postfix mail server, anyone could simply telnet to it (assuming > they're on a trusted network / mynetworks) and send mail posed as that > valid email address. I know this is not a huge security deal since > it's come from a client listed in the mynetworks parameter but > sometimes we have not so nice people we are forced to trust. Does this > sound correct to anyone here? Normally on any mail client you need a > username / password to send / receive email for a specific user but in > the case of Telnet or just sending, it appears this is not required. > Is there something I over looked?
If sending e-mail via telnet without a username/password is possible it is also possible with a client.