On Wed, 13 Mar 1996, Greg A. Woods wrote:
> Well, on the other hand, you could tighten up your requirements, no?
> Why does forwarding cause "MAIL FROM: <local address>"? Why should your
> mailer allow it if the connection comes from outside? Is it absolutely
> necessary to allow "MAIL FROM: <>", eps. from outside connections?
RFC 821 & RFC 1123.
> In any case, if students have accounts on systems which are also
> permitted to send mail, then it is by definition impossible to prevent
> them from using telnet or other hand-crafted programs to send mail, and
> I would ask why you should want to do that in the first place. It's a
> lost cause and a waste of time IMHO.
We tell them not to, and by various checks (such as verify_sender) if we
catch any of them doing it, we get very cross with them. The reasons we
do this are
(a) Postmaster time is wasted sorting out messages with bad headers
and/or envelopes etc. The use of verify_sender saves *my* time by not
allowing in messages that cannot be replied to.
(b) We have suffered a few serious malicious incidents involving forged
mail.
It may be a lost cause, but I'm trying to do my bit to change the
underlying culture of the next generation of net users. I say to them
"You wouldn't put a forged letter in a mailbox, would you? Then why do
you want to put one on the Net? There's no difference in principle." It
sometimes works.
> Of course so far as preventing forgery goes, well that's a matter for
> digital signatures and such to solve. If someone doesn't want mail
> forgeries to appear to come from them, they should use PGP or similar
> such e-mail authentication tools.
Quite, but at the present state of the art you have to know quite a lot
to use these things. Many of our (many) users are very computer-ignorant.
> should be left up to the individuals at the end-points of the exchange,
Agreed. This is a point I make in my talk on this subject, but the point
is not yet widely appreciated, and then there is also my point (a)
above.
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714