[lug] email mystery

[Holshouser, David]

I'm new to administering my own system and how mail is configured in general
but,
it just seems strange that sendmail doesn't require a user to authenticate
properly
with username/passwd.

Can someone explain why a concept so integral to security has been skipped
completely with regards to mail.

> -----Original Message-----
> From:	Kirk Rafferty [SMTP:kirk at fpcc.net]
> Sent:	Wednesday, February 21, 2001 9:09 AM
> To:	lug at lug.boulder.co.us
> Subject:	Re: [lug] email mystery
> 
> On Wed, Feb 21, 2001 at 12:47:47AM -0700, D. Stimits wrote:
> > With all the anti-spam laws starting to either show up or be discussed
> > by various government bodies, it would seem that a law needs to be added
> > that says commercial advertisement is deemed spam if such tricks are
> >8<...
> 
> Laws are hard to enforce with regards to SMTP spam.  In the case of this
> spam, you'd have to try to enforce a US law in Japan.
> 
> It would be much more effective to stop the flow of spam at the source.
> Closing down relays is the first line of defense.  Refusing messages from
> open relays is another step (which RSS and RBL address).  Another attempt
> being made on the spam front is the adoption of RFC2476, Message
> Submission
> Agent.  You can find out how Sendmail is implementing it at
> http://sendmail.net/rfc2476.shtml.  Here's a snippet:
> 
> The goal? First, to prevent spammers and unauthorized
> users from launching messages into your Internet mail
> system by tightening up that first conversation between,
> say, Eudora and sendmail. An MSA would require more
> fully formed headers to make authentication and tracking
> of the message possible. It may have extra error codes,
> such as "message violates system policy." It may require
> authentication (see RFC 2554) before talking to the
> MUA. 
> 
> -k
> _______________________________________________
> Web Page:  http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug