How to disable telnet to port 25
dfloyd at io.com
dfloyd at io.com
Sun Nov 27 19:58:48 PST 1994
>
>
> The Al Capone of the Info Highway says:
> > A while back, there was a discussion about how to fake a from
> > address by telneting into port 25 in a site. Many people discussed
> > the pro's and cons, but I wanted to know if anybody knows of a way
> > to stop people from getting in there to send the message in the
> > first place.
>
> Sure. Turn off mail to your site.
>
> Beyond that, the store and forward nature of mail makes it impossible
> to stop this. The only real solution is to require digital signatures
> on all email.
>
> Perry
>
Identd is pathetic, but may help with finding who did it.
(Also, a good look at the mail headers will help too.)
If the mail was a forgery on the local site, a check in the mail
logs will do, as sendmail is not accessed when mailing from
user at localhost to anotheruser at localhost.
Enough of the "FAA's... the info that everyone knows, or should.".
Other than using PGP or PEM, or writing a new RFC for mail, is there
any other way to verify that a message is authentic that I missed?
More information about the cypherpunks-legacy
mailing list