In message <810190912069457987532D87BAE82817@CharlieCompaq>, Charlie
<eximquest1@???> writes
>I was wondering how exactly ISPs - that don't require authentication -
>manage to restrict access to their customers only.
They use ACL conditions that check the IP address is in range.
>I know that Exim can restrict access by IP address,
Exactly so.
>but IP addresses can be
>spoofed
For two-way TCP conversations (as needed for email transfer) IP
addresses cannot be spoofed unless
   the spoofer can sniff the traffic as it travels between the endpoints
   (not a very interesting attack scenario)
or
   the mail server stack is sub-standard and does not use truly random
   initial sequence numbers (in which case, upgrade to something that
   was shipped this century).
>(and very often are spoofed by automated scanners which search for
>SMTP servers that are open in this way).
Scanners can operate (no idea how many do in practice) by just using SYN
packets and then causing the SYN-ACK to go to a third party whose
machine state can be tested remotely (usually because it allocates
sequential identifiers to RST packets). But all this scanning activity
does is to detect the TCP/25 listener; it doesn't involve any forging of
email traffic.
-- 
richard Richard Clayton
Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
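
Added example, not part of the original message: a minimal Exim RCPT ACL of the kind the reply describes, where relaying is allowed only when the connecting host's address falls inside the ISP's customer ranges. The address ranges are constructed documentation prefixes and the list and ACL names follow the usual Exim naming; treat them as assumptions.

```exim
# Constructed customer ranges (documentation prefixes), assumptions for this example.
# The leading "<;" changes the list separator to ";" so IPv6 colons need no doubling.
hostlist   relay_from_hosts = <; 127.0.0.1 ; ::1 ; 192.0.2.0/24 ; 2001:db8::/32
domainlist local_domains    = @

acl_smtp_rcpt = acl_check_rcpt

begin acl

acl_check_rcpt:
  # Customers: the TCP peer address is inside the ISP's ranges, so they may
  # relay to any destination without authenticating.
  accept  hosts         = +relay_from_hosts
          control       = submission

  # Everyone else may only deliver to domains this server handles itself.
  require message       = relay not permitted
          domains       = +local_domains

  # Reject unknown local recipients at SMTP time.
  require verify        = recipient

  accept
```

The `hosts` condition is matched against the peer address of the established TCP connection, which is why the sequence-number argument in the reply is what this control rests on.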