From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Mon, 28 Nov 94 19:12:13 PST
To: cypherpunks@toad.com
Subject: Re: How to disable telnet to port 25
Message-ID: <9411282038.AA00652@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


> The Al Capone of the Info Highway says:
> > A while back, there was a discussion about how to fake a from
> > address by telneting into port 25 in a site. Many people discussed
> > the pro's and cons, but I wanted to know if anybody knows of a way
> > to stop people from getting in there to send the message in the
> > first place.
> Sure. Turn off mail to your site.

You don't have to go quite that far (almost, but not quite :-)
You can do things like only accept your incoming mail via uucp,
which has a whole different set of holes and limitations,
but which is supported by a number of the major network suppliers.
If you're on dialup access anyway, uucp is fine.
If you've got a real IP feed, uucp-over-tcp has slightly more
authentication than smtp, and can turn off anonymous access,
but that basically means you're transferring your trust to your
MX forwarder's security system, which presumably still speaks port 25.

		Bill