On Fri, Apr 26, 2002 at 03:20:30AM +0200, Pascal C. Kocher wrote:
> 
> This is wrong. You are still able to get mail through port 25 and not
> allowing telnet (at least telnet clients) to connect to the mailserver
> over this port. Telnet sends options upon connection (like Terminal
> Type) which a regular SMTP Connection would not send. Based on this you
> could filter out telnet connections. Although I don't know of any
> firewall product which supports this.
> 

For crying out loud guys, this subject was beaten to death a couple of
weeks ago - somehow an old message gets delivered to the mailing list
and we are off again.

Ultimately, there is NOTHING you can do to stop people forging mail
which was the original intent of this question.  You DO NOT need to
use telnet to do the connection, you can use netcat or any one of a
myriad of tools that just open a network port and fire data at it.
Even with anti-spam measures if the person forges the correct headers
then the message will still be delivered.  This is a flaw (some would
argue) in the SMTP protocol design, there is nothing that you can do
to paper over the gaping hole in the underlying design.  Get over it.
Move on.

-- 
Brett Lymn
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
For Account Management (unsubscribe, get/change password, etc) Please go to:
http://lists.gnac.net/mailman/listinfo/firewalls
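
The option check described in the quoted message, as an added example that is not part of the original thread: it scans the first bytes a client sends to port 25 for Telnet negotiation sequences (RFC 854). The function names and the sample byte strings are constructed for illustration; as the reply points out, a "plain" result only says the client did not negotiate, not which tool opened the connection.

```python
# Telnet command bytes from RFC 854; option 24 is TERMINAL-TYPE (RFC 1091).
IAC, SB, SE = 0xFF, 0xFA, 0xF0
NEGOTIATE = {0xFB: "WILL", 0xFC: "WONT", 0xFD: "DO", 0xFE: "DONT"}
OPTIONS = {24: "TERMINAL-TYPE"}

# Constructed sample inputs (not captured traffic).
TELNET_STYLE = b"\xff\xfb\x18\xff\xfd\x03HELO client.example\r\n"
PLAIN = b"HELO client.example\r\n"


def telnet_negotiations(data: bytes) -> list:
    """Return the Telnet option negotiations found in client-sent bytes."""
    found = []
    i = 0
    while i < len(data):
        if data[i] != IAC:
            i += 1                      # ordinary data byte
            continue
        if i + 1 >= len(data):
            break                       # lone IAC at end of buffer: incomplete
        cmd = data[i + 1]
        if cmd == IAC:
            i += 2                      # IAC IAC is an escaped literal 0xFF
        elif cmd in NEGOTIATE:
            if i + 2 >= len(data):
                break                   # option byte not received yet
            opt = data[i + 2]
            found.append(f"{NEGOTIATE[cmd]} {OPTIONS.get(opt, opt)}")
            i += 3
        elif cmd == SB:
            # Subnegotiation: skip everything up to the closing IAC SE.
            end = data.find(bytes([IAC, SE]), i + 2)
            if end == -1:
                break
            i = end + 2
        else:
            i += 2                      # any other two-byte Telnet command
    return found


def classify(first_bytes: bytes) -> str:
    """Label a connection by whether its opening bytes negotiate options."""
    return "telnet-negotiation" if telnet_negotiations(first_bytes) else "plain"


if __name__ == "__main__":
    for name, sample in (("TELNET_STYLE", TELNET_STYLE), ("PLAIN", PLAIN)):
        print(name, classify(sample), telnet_negotiations(sample))
```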
