> I suppose. What you really need to do, from a trusted path P.O.V., is
> to first authenticate that the MAIL FROM agrees with the incoming
> connection (perhaps according to some general matching rules), and then
> authorise (or deny) the MAIL FROM address (again perhaps according to
> some general matching rules).
How can you check that MAIL FROM agrees with the incoming connection? If
I send mail to someone at your site who happens to have set up
forwarding back to my machine (because s/he's visiting Cambridge and has a
temporary account here) then I see MAIL FROM: <local address> emanating
from your site.
Anyway, a determined forger can always circumvent any checks you may
want to do on MAIL FROM by using MAIL FROM: <>.
> You'd have to have some rather bizarre security requirements to need to
> deny connections from the local host.
Such as stopping students using Telnet to forge mail?
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714
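
The two objections in the reply above, as an added example that is not part of the original message or of any mailer's code: a hypothetical "MAIL FROM must match the connecting host" rule is run over four constructed SMTP sessions. The host names, addresses and the matching rule itself are assumptions made for illustration.

```python
# Added illustration. The rule, host names and addresses are constructed.

def sender_domain(mail_from):
    """Return the lower-cased domain of an envelope sender, or None for <>."""
    addr = mail_from.strip().strip("<>")
    if not addr:
        return None  # null sender, the form used for bounce messages
    return addr.rsplit("@", 1)[-1].lower()


def host_in_domain(host, domain):
    """True if host is the domain itself or a name underneath it."""
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def naive_check(client_host, mail_from):
    """Hypothetical rule: the MAIL FROM domain must match the connecting host."""
    domain = sender_domain(mail_from)
    if domain is None:
        # There is no address to compare, so the rule has nothing to test.
        return "accept: null sender, nothing to compare"
    if host_in_domain(client_host, domain):
        return "accept: sender domain matches connection"
    return "reject: sender domain does not match connection"


# Constructed sessions as seen by a receiving host inside cam.example:
# (label, connecting host, MAIL FROM argument)
CASES = [
    ("direct local",        "pc1.cam.example",          "<alice@cam.example>"),
    # alice mailed a user at other.example whose account forwards back here
    ("forwarded back",      "mail.other.example",       "<alice@cam.example>"),
    ("forged local",        "dialup.elsewhere.example", "<alice@cam.example>"),
    ("forged, null sender", "dialup.elsewhere.example", "<>"),
]


def run():
    """Apply the rule to every constructed session and return the verdicts."""
    return {label: naive_check(host, sender) for label, host, sender in CASES}


if __name__ == "__main__":
    for label, verdict in run().items():
        print(f"{label:22} {verdict}")
```

The legitimately forwarded message and the forged one receive the same verdict, and the null-sender session is accepted because the rule has no address to test.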