Educause Security Discussion mailing list archives

Re: smtp auth (was Re: the importance of security)


From: Brian Reilly <reillyb () GEORGETOWN EDU>
Date: Tue, 17 Aug 2004 12:32:22 -0400

Kevin,

Take a look at http://www.sendmail.org/~ca/email/auth.html and
ftp://ftp.isi.edu/in-notes/rfc2554.txt.  Users are required to
authenticate prior to sending messages, but they're not restricted to only
using a "from" address of that which they just authenticated.

Georgetown has required SMTP AUTH for a few years now.  Most non-webmail
users use Netscape/Mozilla Messenger or Outlook.  If you'd like to discuss
further offline, just drop me a note.

--Brian

______________________________________________
Brian Reilly, CISSP
University Network Security Officer
Georgetown University, UIS
<reillyb () georgetown edu>
+1 202.687.2775


On Mon, 16 Aug 2004, Kevin Shalla wrote:

I'm unfamiliar with smtp auth.  Does this mean that when the user tries to
send an email message that they are required to authenticate, and can only
send messages with a "from" address of that username to which they just
authenticated?  If so, this could make email a fairly secure
intra-university means of communication, correct?  Does anyone have a link
to beginner's background reading on this?

At 12:05 PM 8/11/2004, Gary Flynn wrote:
Jere Retzer wrote:

The first two items seem mainly intended to ensure that your school is a
good network citizen so I can understand a management temptation to ask
"what is the benefit to us?" Is that the problem?

Does anyone have data to help frame these particular policies in terms
of general acceptance? Are most schools now doing this or are there
pressures from the government of ISPs?

We implemented SMTP auth and port 25 blocks a couple
years ago.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread: