lynx-dev

Re: lynx-dev your mail


From: Foteos Macrides
Subject: Re: lynx-dev your mail
Date: Thu, 23 Apr 1998 14:12:09 -0400

Heather Stern <address@hidden> wrote:
>I ate the fortune cookie first, then read what Jason F. McBrayer wrote:
>> [...]
>> My guess is that the unix sendmail that sendmail.exe is connecting to
>> is doing host-based authentication:  it's fine for Al to mail from his
>> box (without any particular authentication) since it's in the same
>> domain as the unix sendmail it's connecting to.  But it's not fine for
>> Fote to mail using Al's server and user information because he's in a
>> different domain.  I'm fairly sure most sendmail setups on unix boxes
>> today are picky about who they will relay from, but only on a
>> domain-based criterion.  I think "this type of misuse" will work only
>> if the smart smtp host (the unix sendmail) is misconfigured to relay
>> from anywhere.
>> 
>> [I'm no sendmail expert]
> 
>This is a reasonable estimate, and can be tested.  If Al has a test account,
>or a colleague or friend on the same domain, he can try to send the mail as
>if from the colleague to Fote.  It should either arrive at Fote (where the
>message will look like it came from Al, or the colleague), get dropped (no
>better data), or a bounce may be sent to Al or the colleague.
> 
>The ISP wouldn't have to be wide-open;  it might accept any such addresses
>claiming to be at the limited sites/domains it relays for.
> 
>I admit ignorance coming late to the thread, I hadn't initially realized MS
>had a sendmail for NT that was so similar to the open source one.  I don't
>want to get hopes up, but I know someone I might be able to get more info
>about it from.  If I get anything that sounds useful (or cryptic and thereby
>potentially useful :> ) I'll certainly pass it along.
 
        For sending mail, there are servers which require authorization,
and Outlook Express includes this as a configuration option, and thus
would appear to support it.  For the most part, though, you're dealing
with ISP supported SMTP servers which apparently do their own filtering
in ways that they probably don't want to spell out to their customers,
for obvious reasons.  Al was able to set the sendmail.exe switches so
that via digex I got almost totally bogus headers, but it was still
possible to see that the "culprit" originated the "spam" via a digex
server, and who knows if digex could figure out that it was Al were a
complaint sent to them (presumably would depend on what and how much
they are logging).  With GTE, I must have @gte.net in the -f (From
header) value, but need not have my own user name (e.g.,
address@hidden would work).  (What you really want is a way to
set the Reply-to header, so you could make clear what account you
are using to send the mail, but still have replies go to another
account, without need to set global forwarding.)

        The "Virtual Key" to which I previously referred is an
implementation name for software using the SPA (Secure Password
Authentication) protocol.  Outlook Express supports that too, and I'm
using (actually, "trying") it with OE for a address@hidden POP3/SMTP
account.  I can't get the sendmail.exe to work with that account,
and had thought it was due to its lack of SPA support, but in fact
the SPA is used only when attempting to retrieve one's mail from
the POP3 server, not when sending mail via the SMTP server.  What
happens when I set up SYSTEM_MAIL for using the CSi SMTP server,
fully homologous to what I used for the GTE SMTP server and worked,
is an error which the details box describes as "Invalid page fault
in module KERNEL32.DLL at 0157:bff99c76", followed by register info.
I don't know if the problem is in sendmail.exe or in CSi software
that it uses.  I sent a message to Nigel at Microsoft about this,
but haven't gotten a reply yet.

        I think these issues are important to understand, and
document (when more clearly understood :), because the DOS/WIN/NT
ports create a situation in which all ISPs can offer Lynx as a
downloadable package which their customers can use on their own
PCs, homologously to what is being done for GUIs.  For the most
part, "general users" have been dependent on access to shell
accounts which support a Lynx image, often obsolete, and without
adequate motivation for the ISPs to upgrade it themselves.  Those
could instead offer links to an updated Lynx package which installs
or reinstalls itself on the customers' PCs, but that still requires
confidence on the part of the ISPs that they're not offering links
and an implied endorsement for something which might come back to
haunt them in one way or another.

                                Fote
-- 
Foteos Macrides (address@hidden during April, '98)
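
The relay criteria discussed in this thread, modelled as an added example (not code from the thread, from sendmail, or from any ISP): it runs one SMTP transaction through a server that checks the client's network, one that checks only the domain of the envelope sender, and one that requires authentication, so a mail administrator can see what each check does and does not establish. The networks, domain and policy names are constructed for illustration.

```python
import ipaddress

# Constructed placeholders, not values from the thread.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # customer address space
LOCAL_DOMAINS = {"isp.example"}                       # domains the server hosts


def domain_of(address):
    """Return the lower-cased domain part of an envelope address."""
    return address.rsplit("@", 1)[-1].lower()


def relay_decision(policy, client_ip, mail_from, rcpt_to, authenticated_as=None):
    """Decide whether one SMTP transaction is accepted under a given policy.

    policy is one of "open", "client-net", "sender-domain" or "auth".
    """
    # Mail addressed to a hosted domain is delivery, not relaying.
    if domain_of(rcpt_to) in LOCAL_DOMAINS:
        return "accept (local delivery)"
    if policy == "open":
        return "accept (relay)"
    if policy == "client-net":
        # Host-based check: where the connection comes from.
        ip = ipaddress.ip_address(client_ip)
        ok = any(ip in net for net in LOCAL_NETS)
    elif policy == "sender-domain":
        # Only the claimed envelope sender is examined; nothing proves it.
        ok = domain_of(mail_from) in LOCAL_DOMAINS
    elif policy == "auth":
        # The sender must be the mailbox the client authenticated as.
        ok = (authenticated_as is not None
              and mail_from.lower() == authenticated_as.lower())
    else:
        raise ValueError("unknown policy: " + policy)
    return "accept (relay)" if ok else "reject (relaying denied)"


def audit(client_ip, mail_from, rcpt_to, authenticated_as=None):
    """Run the same transaction through every policy and collect the verdicts."""
    return {p: relay_decision(p, client_ip, mail_from, rcpt_to, authenticated_as)
            for p in ("open", "client-net", "sender-domain", "auth")}
```

Comparing the "sender-domain" and "auth" verdicts for the same transaction shows why a domain match on the envelope sender identifies neither the user nor the originating host.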
