lynx-dev

Re: lynx-dev yout mail


From: Heather Stern
Subject: Re: lynx-dev yout mail
Date: Wed, 22 Apr 1998 19:56:18 -0700 (PDT)

I ate the fortune cookie first, then read what Jason F. McBrayer wrote:
> >>>>> "WB" == Wayne Buttles <address@hidden> writes:
> WB> On Tue, 21 Apr 1998, Foteos Macrides wrote:
> 
> >> Do you know if sendmail.exe is checking a database for
> >> authorization info, e.g., that used by Outlook Express, such
> >> that it could be modified to make this type of misuse actually
> >> work? 
> 
> WB> I believe all information is passed to it via the command line.  It is
> WB> just a dumb automated telnet.  It doesn't do any intelligent
> WB> authentication ... but does unix sendmail? 
> 
> My guess is that the unix sendmail that sendmail.exe is connecting to
> is doing host-based authentication:  it's fine for Al to mail from his
> box (without any particular authentication) since it's in the same
> domain as the unix sendmail it's connecting to.  But it's not fine for
> Fote to mail using Al's server and user information because he's in a
> different domain.  I'm fairly sure most sendmail setups on unix boxes
> today are picky about who they will relay from, but only on a
> domain-based criterion.  I think "this type of misuse" will work only
> if the smart smtp host (the unix sendmail) is misconfigured to relay
> from anywhere.
> 
> [I'm no sendmail expert]

This is a reasonable estimate, and can be tested.  If Al has a test account,
or a colleague or friend on the same domain, he can try to send the mail as
if from the colleague to Fote.  It should either arrive at Fote (where the
message will look like it came from Al, or the colleague), get dropped (no
better data), or a bounce may be sent to Al or the colleague.

The ISP wouldn't have to be wide-open;  it might accept any such addresses
claiming to be at the limited sites/domains it relays for.

I admit ignorance coming late to the thread;  I hadn't initially realized MS
had a sendmail for NT that was so similar to the open source one.  I don't
want to get hopes up, but I know someone I might be able to get more info
about it from.  If I get anything that sounds useful (or cryptic and thereby
potentially useful :> ) I'll certainly pass it along.

  . | .   Heather Stern                  |         address@hidden
--->*<--- Starshine Technical Services - * - address@hidden
  ' | `   Sysadmin Support and Training  |        (800) 938-4078
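
Added example, not part of the original message or of any sendmail code: a sketch of the two relay policies the thread contrasts, one that trusts the domain claimed in the envelope sender and one that checks the connecting client's network. The domain, the address ranges and the function names are constructed assumptions, and "host-based" is modelled here as a client IP range check.

```python
import ipaddress

# Constructed policy values (assumptions for illustration, not from the thread).
LOCAL_DOMAINS = {"example.edu"}                         # domains this server accepts mail for
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # the site's own client network


def _domain(addr):
    """Return the lowercased domain part of an envelope address."""
    return addr.rsplit("@", 1)[-1].lower()


def client_is_local(client_ip):
    """True if the connecting client is inside one of the trusted networks."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in TRUSTED_NETS)


def relay_by_sender_claim(client_ip, mail_from, rcpt_to):
    """Weak policy: trusts MAIL FROM, which the connecting client chooses freely."""
    if _domain(rcpt_to) in LOCAL_DOMAINS:
        return True  # inbound delivery to a local mailbox
    return _domain(mail_from) in LOCAL_DOMAINS


def relay_by_client_network(client_ip, mail_from, rcpt_to):
    """Stricter policy: outbound relay only for clients on the site's own network."""
    if _domain(rcpt_to) in LOCAL_DOMAINS:
        return True  # inbound delivery to a local mailbox
    return client_is_local(client_ip)


# Constructed cases: (client IP, MAIL FROM, RCPT TO)
CASES = {
    "local client, local sender": ("192.0.2.10", "user@example.edu", "friend@example.org"),
    "outside client, claims local sender": ("198.51.100.7", "user@example.edu", "other@example.net"),
    "outside client, mail to local user": ("198.51.100.7", "friend@example.org", "user@example.edu"),
}


def compare():
    """Return {case name: (weak policy decision, stricter policy decision)}."""
    return {name: (relay_by_sender_claim(*c), relay_by_client_network(*c))
            for name, c in CASES.items()}


if __name__ == "__main__":
    for name, (weak, strict) in compare().items():
        print(f"{name:38} sender-claim={weak!s:5} client-network={strict}")
```

The two policies disagree only on the middle case, which is the situation where a server accepts mail because the sender address claims a domain it relays for.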
