1994-11-28 - Re: How to disable telnet to port 25

Header Data

From: dfloyd@io.com
To: perry@imsi.com
Message Hash: ac58e49e62c860002f0950385a66673ce8112d600623eb9133e38a5a731ff298
Message ID: <199411280358.VAA16759@pentagon.io.com>
Reply To: <9411280047.AA10945@snark.imsi.com>
UTC Datetime: 1994-11-28 03:58:48 UTC
Raw Date: Sun, 27 Nov 94 19:58:48 PST

Raw message

From: dfloyd@io.com
Date: Sun, 27 Nov 94 19:58:48 PST
To: perry@imsi.com
Subject: Re: How to disable telnet to port 25
In-Reply-To: <9411280047.AA10945@snark.imsi.com>
Message-ID: <199411280358.VAA16759@pentagon.io.com>
MIME-Version: 1.0
Content-Type: text/plain


> 
> 
> The Al Capone of the Info Highway says:
> > A while back, there was a discussion about how to fake a from
> > address by telnetting into port 25 in a site. Many people discussed
> > the pros and cons, but I wanted to know if anybody knows of a way
> > to stop people from getting in there to send the message in the
> > first place.
> 
> Sure. Turn off mail to your site.
> 
> Beyond that, the store and forward nature of mail makes it impossible
> to stop this. The only real solution is to require digital signatures
> on all email.
> 
> Perry
> 

Identd is pathetic, but may help with finding who did it.
(Also, a good look at the mail headers will help too.)

If the mail was a forgery on the local site, a check in the mail
logs will do, as sendmail is not accessed when mailing from
user@localhost to anotheruser@localhost.

Enough of the "FAA's... the info that everyone knows, or should.".

Other than using PGP or PEM, or writing a new RFC for mail, is there
any other way to verify that a message is authentic that I missed?
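
Added example, not part of the original message: a sketch of the "good look at the mail headers" suggested above, comparing the From domain with what the first MTA recorded. It assumes sendmail-style Received lines of the form "from HELO (rdns [ip]) by host"; the sample message, hostnames and addresses are constructed, and only Received lines written by hosts you control can be trusted.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: mail injected by hand on port 25. The From line is
# whatever the sender typed; each Received line is written by the receiving MTA.
SAMPLE = """\
Received: from mailhub.example.org (mailhub.example.org [192.0.2.10])
\tby mx.example.net with SMTP id VAA00002; Sun, 27 Nov 94 20:01:00 PST
Received: from whitehouse.example (dialup7.example.com [198.51.100.7])
\tby mailhub.example.org with SMTP id VAA00001; Sun, 27 Nov 94 19:59:00 PST
From: president@whitehouse.example
To: someone@example.net
Subject: hello

body
"""

# Assumed format: "from <HELO name> (<reverse DNS> [<peer IP>]) by <host>"
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*"
    r"\[(?P<ip>[0-9.]+)\]\)\s+by\s+(?P<by>\S+)")

def trace_hops(raw):
    """Parse Received headers into hops, oldest first."""
    msg = message_from_string(raw)
    hops = [m.groupdict() for value in msg.get_all("Received", [])
            if (m := RECEIVED_RE.search(value))]
    hops.reverse()  # each MTA prepends, so the last header is the first hop
    return hops

def origin_report(raw):
    """Compare the domain in From with what the first MTA saw on the wire."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = trace_hops(raw)
    if not hops:  # no SMTP hop recorded (e.g. local delivery): check mail logs
        return {"claimed_domain": claimed, "origin": None}
    first = hops[0]
    rdns = first["rdns"].lower()
    return {
        "claimed_domain": claimed,
        "origin": first["ip"],
        "origin_rdns": rdns,
        "helo_mismatch": first["helo"].lower() != rdns,
        "from_matches_origin": rdns == claimed or rdns.endswith("." + claimed),
    }
```

A mismatch is a lead for the logs of the host that wrote the first Received line, not proof of forgery, since legitimate relays and mailing lists also produce it.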





