Re: [exim] How do ISP's restrict access without authenticati…

Author: Richard Clayton
Date:  
To: Exim-users
Subject: Re: [exim] How do ISP's restrict access without authentication
In message <810190912069457987532D87BAE82817@CharlieCompaq>, Charlie
<eximquest1@???> writes

>I was wondering how exactly ISPs - that don't require authentication -
>manage to restrict access to their customers only.


They use ACL conditions that check the IP address is in range.

>I know that Exim can restrict access by IP address,


Exactly so.

>but IP addresses can be
>spoofed


For two-way TCP conversations (as needed for email transfer) IP
addresses cannot be spoofed unless

    the spoofer can sniff the traffic as it travels between the endpoints
    (not a very interesting attack scenario)

or

    the mail server stack is sub-standard and does not use truly random
    initial sequence numbers (in which case, upgrade to something that
    was shipped this century)

>(and very often are spoofed by automated scanners which search for
>SMTP servers that are open in this way).


Scanners can operate (no idea how many do in practice) by just using SYN
packets and then causing the SYN-ACK to go to a third party whose
machine state can be tested remotely (usually because it allocates
sequential identifiers to RST packets). But all this scanning activity
does is to detect the TCP/25 listener, it doesn't involve any forging of
email traffic.

-- 
richard                                                   Richard Clayton


Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
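
The IP-range check described in the reply above, as an added Exim configuration fragment (not part of the original message and not any particular ISP's configuration). The address ranges are documentation prefixes standing in for an ISP's customer networks, and the ACL name is an assumption.

```exim
# --- main configuration section ---

# Customer address space (constructed placeholder ranges).
# "<;" switches the list separator to ';' so that IPv6 colons
# are not misread as list separators.
hostlist   relay_from_hosts = <; 192.0.2.0/24 ; 198.51.100.0/24 ; 2001:db8::/32

# Domains this server accepts mail for from anyone.
domainlist local_domains    = @
domainlist relay_to_domains =

# Run the ACL below for every RCPT TO command.
acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:

  # Customers: the TCP connection's source address is inside the
  # ISP's own ranges, so relaying to any destination is allowed
  # without SMTP authentication.
  accept  hosts   = +relay_from_hosts

  # Everyone else: only recipients in domains handled here.
  # A host outside the ranges asking for an outside domain is
  # refused at this point, which is what prevents open relaying.
  require message = relay not permitted
          domains = +local_domains : +relay_to_domains

  # Inbound mail for handled domains: the recipient must exist.
  require verify  = recipient

  accept
```

Running `exim -bh` with an address inside and then outside the listed ranges starts a simulated SMTP session as if from that host, which shows which ACL statement accepts or rejects each RCPT without delivering anything.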