Re: [Exim] confused with ETRN

Page principale
Supprimer ce message
Répondre à ce message
Auteur: David Woodhouse
Date:  
À: exim-users
CC: Steve Foster
Sujet: Re: [Exim] confused with ETRN
ph10@??? said:
> No. That was what TURN used to do. It was a security exposure. That
> is why ETRN was invented.


TURN was only a security risk before TLS allowed connecting hosts to
properly authenticate themselves.

In fact, even TLS isn't required to make TURN safe -- the case where I've
most wanted TURN support in the past was Demon's mail servers, where my IP
address alone is sufficient to authenticate me -- if an attacker is dialled
into their network and has got my IP address, they'll be getting my Demon
mail _anyway_ -- when Demon eventually decides to send it, that is.

TURN would be quite hard to do properly in Exim though, wouldn't it?

--
dwmw2