[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev Re: your mail
|
From: |
Jason F. McBrayer |
|
Subject: |
Re: lynx-dev Re: your mail |
|
Date: |
22 Apr 1998 12:00:39 -0600 |
>>>>> "WB" == Wayne Buttles <address@hidden> writes:
WB> On Tue, 21 Apr 1998, Foteos Macrides wrote:
>> Do you know if sendmail.exe is checking a database for
>> authorization info, e.g., that used by Outlook Express, such
>> that it could be modified to make this type of misuse actually
>> work?
WB> I believe all information is passed to it via the command line. It is
WB> just a dumb automated telnet. It doesn't do any intellegent
WB> authentication ... but does unix sendmail?
My guess is that the unix sendmail that sendmail.exe is connecting to
is doing host-based authentication: it's fine for Al to mail from his
box (without any particular authentication) since it's in the same
domain as the unix sendmail it's connecting to. But it's not fine for
Fote to mail using Al's server and user information because he's in a
different domain. I'm fairly sure most sendmail setups on unix boxes
today are picky about who they will relay from, but only on a
domain-based criterion. I think "this type of misuse" will work only
if the smart smtp host (the unix sendmail) is misconfigured to relay
from anywhere.
[I'm no sendmail expert]
--
+----------------------------------------------------------------+
| Jason F. McBrayer address@hidden |
| The scalloped tatters of the King in Yellow must hide Yhtill |
| forever. R.W. Chambers _The King in Yellow_ |