Re: several messages

Author: Greg A. Woods
Date:
To: Philip Hazel
CC: John Henders, exim-users
Subject: Re: several messages
[ On Wed, March 13, 1996 at 14:47:18 (+0000), Philip Hazel wrote: ]
> Subject: Re: several messages
>
> > I suppose. What you really need to do, from a trusted path P.O.V., is
> > to first authenticate that the MAIL FROM agrees with the incoming
> > connection (perhaps according to some general matching rules), and then
> > authorise (or deny) the MAIL FROM address (again perhaps according to
> > some general matching rules)).
>
> How can you check that MAIL FROM agrees with the incoming connection? If
> I send mail to someone at your site who happens to have set up
> forwarding back to my machine (because s/he's visiting Cambridge and has a
> temporary account here) then I see MAIL FROM: <local address> emanating
> from your site.
>
> Anyway, a determined forger can always circumvent any checks you may
> want to do on MAIL FROM by using MAIL FROM: <>.


Hmmm... I should probably always re-read rfc821 before I spout such
nonsense, eh? ;-)

Well, on the other hand, you could tighten up your requirements, no?
Why does forwarding cause "MAIL FROM: <local address>"? Why should your
mailer allow it if the connection comes from outside? Is it absolutely
necessary to allow "MAIL FROM: <>", esp. from outside connections?

> > You'd have to have some rather bizarre security requirements to need to
> > deny connections from the local host.
>
> Such as stopping students using Telnet to forge mail?


Hmm.... This seems like just an admin problem to solve. Either you
re-configure Netscape to talk to a remote mail host, or you don't allow
student accounts on the mail host, or.....

In any case, if students have accounts on systems which are also
permitted to send mail, then it is by definition impossible to prevent
them from using telnet or other hand-crafted programs to send mail, and
I would ask why you should want to do that in the first place. It's a
lost cause and a waste of time IMHO.

Of course so far as preventing forgery goes, well that's a matter for
digital signatures and such to solve. If someone doesn't want mail
forgeries to appear to come from them, they should use PGP or similar
such e-mail authentication tools. The transport should stop obvious
abuse from happening, but from the layering principles I've learned I
don't believe it's the transport's responsibility to get involved in
authenticating authors. I personally don't think the mail transport
should ever get involved in emulating the registered mail service of the
Royal Mail. After all, you can't ask the mail transport process in a
court of law if indeed it was Mr. Joe Blow of Such And Such Address who
signed for the letter. I believe this is a task that must and
should be left up to the individuals at the end-points of the exchange,
and not something that can ever be the responsibility of the transport
(at least not in a public Internet).

-- 
                            Greg A. Woods


+1 416 443-1734            VE3TCP            robohack!woods
Planix, Inc. <woods@???>; Secrets of the Weird <woods@???>
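
The rule debated in this thread (refuse a local envelope sender on a connection from outside, and decide separately about `MAIL FROM: <>`), sketched as an added Python example; it is not code from Exim or from either poster. The domain, the network range and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumptions for illustration: the domains this host treats as local and
# the networks it treats as "inside". Both values are constructed.
LOCAL_DOMAINS = {"example.org"}
INSIDE_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def is_inside(peer_ip):
    """True if the connecting peer is on one of the inside networks."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in INSIDE_NETS)


def sender_domain(reverse_path):
    """Return the lower-cased domain of a MAIL FROM path, or None for <>."""
    path = reverse_path.strip()
    if path.startswith("<") and path.endswith(">"):
        path = path[1:-1]
    if not path:
        return None  # null reverse-path, used for delivery notifications
    # Drop an RFC 821 source route ("@a,@b:user@domain") if present.
    if path.startswith("@") and ":" in path:
        path = path.split(":", 1)[1]
    if "@" not in path:
        return ""  # unqualified address: no domain part
    return path.rsplit("@", 1)[1].lower()


def check_mail_from(peer_ip, reverse_path, allow_null_from_outside=True):
    """Accept or reject a MAIL FROM based on where the connection came from."""
    domain = sender_domain(reverse_path)
    if is_inside(peer_ip):
        return ("accept", "inside connection")
    if domain is None:
        if allow_null_from_outside:
            return ("accept", "null sender (bounce)")
        return ("reject", "null sender refused from outside")
    # Assumption: an unqualified address is treated as a local one.
    if domain == "" or domain in LOCAL_DOMAINS:
        # This also fires for a legitimate message that was forwarded
        # off-site and returns with its original local envelope sender.
        return ("reject", "local sender on outside connection")
    return ("accept", "non-local sender")
```

Setting `allow_null_from_outside=False` also refuses bounces from other sites, since those arrive with the null reverse-path.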