Carlos Williams wrote:
> On Fri, Dec 4, 2009 at 2:22 PM, Matt Hayes <domin...@slackadelic.com> wrote:
>   
>> The question is, are you trying to 'relay' through the server or sending
>> to a domain that the server hosts?
>>
>> -Matt
>>     
>
> I don't know how to answer this. The Postfix server is on the same
> network as the clients connecting to it. The clients simply connect to
> the server on the same subnet / domain. It just seems that anyone can
> log in as anybody and send mail on their behalf. This appears bad to
> me...
>   

This is nothing new - and using a manual telnet connection is rather
awkward and time-consuming; there is nothing in the telnet approach that
can't be done more quickly and easily with any decent mail client.

Forged senders are quite commonplace, and when coming from the internet
they are rather easily detected. Even if they are inside, you have their
IP address in the Postfix logs.

I doubt that the crowd who routinely forge the sender address do so
using manual telnet - they simply use a mail client/script/tool to make
their jobs easier. Telnet is a red herring; it's not the real issue
here. The question is, how paranoid do you need to be, and how far are
you willing to go to lock things down?

Joe
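
Added example, not part of the original message: one way to use the client IP that Postfix logs, by joining each queue ID's `smtpd` `client=` line with its `qmgr` `from=` line and listing internal hosts that submitted mail under more than one envelope sender. The log lines, hostnames and addresses are constructed samples in the standard Postfix syslog format, and the function names and the one-sender threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (not taken from the thread).
SAMPLE_LOG = """\
Dec  4 14:01:10 mail postfix/smtpd[2101]: 4F2A1C0031: client=ws12.example.lan[192.168.1.12]
Dec  4 14:01:10 mail postfix/qmgr[1033]: 4F2A1C0031: from=<alice@example.lan>, size=812, nrcpt=1 (queue active)
Dec  4 14:03:44 mail postfix/smtpd[2104]: 7B9D3C0032: client=ws37.example.lan[192.168.1.37]
Dec  4 14:03:44 mail postfix/qmgr[1033]: 7B9D3C0032: from=<bob@example.lan>, size=640, nrcpt=1 (queue active)
Dec  4 14:05:02 mail postfix/smtpd[2104]: 91C44C0033: client=ws37.example.lan[192.168.1.37]
Dec  4 14:05:02 mail postfix/qmgr[1033]: 91C44C0033: from=<ceo@example.lan>, size=701, nrcpt=3 (queue active)
Dec  4 14:06:30 mail postfix/smtpd[2104]: A03E1C0034: client=ws37.example.lan[192.168.1.37]
Dec  4 14:06:30 mail postfix/qmgr[1033]: A03E1C0034: from=<Alice@example.lan>, size=655, nrcpt=1 (queue active)
Dec  4 14:09:15 mail postfix/smtpd[2101]: C5510C0035: client=ws12.example.lan[192.168.1.12]
Dec  4 14:09:15 mail postfix/qmgr[1033]: C5510C0035: from=<alice@example.lan>, size=930, nrcpt=2 (queue active)
Dec  4 14:10:00 mail postfix/qmgr[1033]: D0012C0036: from=<>, size=2100, nrcpt=1 (queue active)
"""

# smtpd logs the connecting client per queue ID; qmgr logs the envelope sender.
# The optional path segment covers services such as postfix/submission/smtpd.
CLIENT_RE = re.compile(
    r"postfix/(?:\w+/)?smtpd\[\d+\]: ([0-9A-Za-z]+): client=\S+?\[([^\]]+)\]")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: ([0-9A-Za-z]+): from=<([^>]*)>")

def senders_by_client(log_text):
    """Map each client IP to the set of envelope senders it submitted as."""
    ip_of_queue = {}
    result = defaultdict(set)
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            ip_of_queue[m.group(1)] = m.group(2)
            continue
        m = FROM_RE.search(line)
        # Skip the null sender (bounces) and queue IDs with no smtpd client,
        # e.g. locally generated mail.
        if m and m.group(2) and m.group(1) in ip_of_queue:
            result[ip_of_queue[m.group(1)]].add(m.group(2).lower())
    return dict(result)

def multi_sender_clients(log_text, max_senders=1):
    """Return {ip: sorted senders} for clients exceeding max_senders."""
    return {ip: sorted(s) for ip, s in senders_by_client(log_text).items()
            if len(s) > max_senders}

if __name__ == "__main__":
    for ip, senders in multi_sender_clients(SAMPLE_LOG).items():
        print(ip, "sent as:", ", ".join(senders))
```

A shared relay or mailing-list host legitimately sends for many addresses, so such hosts need a higher threshold or an allowlist.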
