On Mon, 25 Mar 2002, Navin Mehra/MUM/IN/STTL wrote:

> Date: Mon, 25 Mar 2002 14:25:35 +0530
> From: Navin Mehra/MUM/IN/STTL <[EMAIL PROTECTED]>
> To: Madhur Nanda <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Subject: RE: Restrict telnet to port 25 via firewall.
>
>
> Thanks for the feedback.
> But the problem is anybody can compose a mail, via telnetting to port 25.

Mail is spoofable. That's a flaw in the protocol. Telnet isn't the only
way to spoof mail.

> and then impersonating the person can send a mail on his behalf. Can I
> enable any sort of authorisation on the pix firewall or is there a setting
> in the Lotus Notes server R5.

If you want the machine to receive mail from the Internet, the best you
can do is to ensure it's not an open relay. As mentioned, there are
client-side mail integrity solutions like S/MIME and PGP/GPG. If you're
relying on SMTP for authenticity, you need to either switch mechanisms or
add client-side validation, or accept the fact that the protocol has major
flaws.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
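
The "not an open relay" rule from the reply above, sketched as an added Python example; it is not part of the original message and is not PIX or Lotus Notes configuration. It decides whether a server should accept one RCPT TO, and it limits relaying only: it does nothing to authenticate the sender. The domain, networks and addresses are constructed assumptions.

```python
import ipaddress

# Constructed sample policy (assumptions, not values from the thread).
LOCAL_DOMAINS = {"example.com"}                 # domains we deliver for
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                ipaddress.ip_network("127.0.0.0/8")]  # clients allowed to relay


def recipient_domain(rcpt):
    """Return the lowercased domain of an RCPT TO address, or None when the
    address uses legacy routing syntax that would make us forward elsewhere."""
    addr = rcpt.strip().strip("<>")
    # Source routes (@a:user@b) and anything without exactly one "@" are
    # refused. This is deliberately strict and also rejects quoted local
    # parts that contain "@".
    if addr.startswith("@") or addr.count("@") != 1:
        return None
    local, domain = addr.rsplit("@", 1)
    # Percent-hack (user%b@a) and bang paths (b!user@a) hide a second hop
    # inside the local part.
    if not local or not domain or "%" in local or "!" in local:
        return None
    return domain.rstrip(".").lower()


def relay_decision(client_ip, rcpt):
    """Return (accept, smtp_reply) for one RCPT TO from client_ip."""
    domain = recipient_domain(rcpt)
    if domain is None:
        return (False, "550 routed or malformed recipient refused")
    if domain in LOCAL_DOMAINS:
        # Inbound mail for our own users is accepted from anywhere.
        return (True, "250 local delivery")
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in TRUSTED_NETS):
        # Outbound mail is relayed only for our own clients.
        return (True, "250 relay for trusted client")
    return (False, "550 relaying denied")


if __name__ == "__main__":
    for ip, rcpt in [("203.0.113.7", "<bob@example.com>"),
                     ("203.0.113.7", "<alice@elsewhere.test>"),
                     ("10.1.2.3", "<alice@elsewhere.test>"),
                     ("203.0.113.7", "<alice%elsewhere.test@example.com>")]:
        print(ip, rcpt, relay_decision(ip, rcpt))
```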
