Author: David Woodhouse Date: To: exim-users CC: Steve Foster Subject: Re: [Exim] confused with ETRN
ph10@??? said: > No. That was what TURN used to do. It was a security exposure. That
> is why ETRN was invented.
TURN was only a security risk before TLS allowed connecting hosts to
properly authenticate themselves.
In fact, even TLS isn't required to make TURN safe -- the case where I've
most wanted TURN support in the past was Demon's mail servers, where my IP
address alone is sufficient to authenticate me -- if an attacker is dialled
into their network and has got my IP address, they'll be getting my Demon
mail _anyway_ -- when Demon eventually decides to send it, that is.
TURN would be quite hard to do properly in Exim though, wouldn't it?