On Mon, 12 Jul 1999, Richard Letts wrote:
> On Mon, 12 Jul 1999, Robert Varga wrote:
>
> > That is exactly what I want to override...
> >
> > I want to do address rewriting for my users the same way it can be done
> > with the generics table in sendmail. That is, I want to ensure that my
> > users do not try to send mail in someone else's name.
>
> you're on a hiding to nothing. as long as they have any form of access to
> SMTP they can forge mail from whoever they like. you need to look at
> enforcing the use of cryptographic sugnatures.
>
It is not as problematic as that...
They are not really computer-specialists... they might know a thing about
setting a few options in pine, but I don't think they will be able to use
my SMTP port if I don't want to.
What I want to ensure, is that they can't use a MUA on my machine to forge
email if I don't want to.
If they use an SMTP server anywhere else, then it is not my fault.
They won't be able to use my server for relaying. And I won't allow them
to use pine or other MUAs to make SMTP connections.
This way if they use an MUA on my machine, they will be under control.
This is all that is achieved in sendmail, too...
Robert Varga
