[lug] email mystery

[Kirk Rafferty]

On Wed, Feb 21, 2001 at 09:52:31AM -0700, Holshouser, David wrote:
> I'm new to administering my own system and how mail is configured in general
> but,
> it just seems strange that sendmail doesn't require a user to authenticate
> properly
> with username/passwd.
> 
> Can someone explain why a concept so integral to security has been skipped
> completely with regards to mail.

The answer is mostly historical.  When Eric Allman was writing Sendmail,
nobody thought about spam.  Just as Unix's most blatant security problems
came out of the notion that security just wasn't an issue, Sendmail
was written with the idea that every machine on the internet should be
able to send email everywhere else.  And if you can't get your email to
that machine from this one, send it through a relay that can get it there.
Sendmail used to relay by default, because that was the model.

So now that we all should just know to close open relays, you'd think it
wouldn't be a problem.  But vendors continue to ship Sendmail configured
to be open relays.  Even very recent Linux distros ship open.  Many vendors
also configure Sendmail to run by default.  RedHat, for instance, has
Sendmail running even on "workstation" configurations.  Couple that with
inexperienced sysadmins who install a machine and throw it on the net (or
install Linux on their home machine and connect to the net), and there is no
shortage of open relays.  (dialups make bad relays, but DSL and cable
connected Linux/BSD boxes make excellent relays)

Username/password authentication is unworkable because you'd need a username
and password on every mailserver on the net if you wanted to send email to
them.  Current methods of authentication on closed relay machines (reverse
lookups, mainly) work pretty good, and manage to stop the flow of most spam.
In fact, I'd say that if every relay were closed, the margins on spam would
get to be so small that SMTP spam would become rare.  RFC 2476 will help
too.

-k