Security Basics mailing list archives
RE: FW: (REPOST) Sendmail 8.11 configuration/security issue
From: "Keith T. Morgan" <keith.morgan () terradon com>
Date: Wed, 8 Jan 2003 00:15:50 -0500
<snip>
Sure. You could write a sendmail ruleset to prevent this too (there are attempts of varying quality findable via groups.google.com). You can also write sendmail rulesets to bounce all mail with 'DUCK' in the subject line, but that won't protect you from all offensive content. My point was that it 'breaks stuff' and it doesn't solve the problem of forged email except maybe for a single domain, or a list of domains.
Which is exactly what I think the original poster needed. <snip>
I'm coming from the school that says unsigned (and/or unencrypted) email should not be used for 'business directives' anyway (for a variety of reasons) and that's what I tell clients. I don't think it's that hard to convince people of this. Our users aren't stupid. They just need to have things explained to them.
I agree 100%. Unfortunately... while this is correct, it is out of touch with the real world as business directives occur daily all over the place with no digital signatures in email. Additionally, depending on the importance/weight of the directive, even after educating users, you can bet they'll continue to use plaintext unsigned email for most business communications. Yes, awareness is good and will help... but I think we're digressing. Our original poster wanted to know how to block the spoofed emails coming in on his mail servers. I haven't seen a specific sendmail feature for this. You make reference that it can be done and I agree. Do you have a URL handy for the benefit of the original poster? <snip>