Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA
Path: utzoo!watmath!clyde!cbosgd!cbdkc1!desoto!packard!hoxna!houxm!mhuxj!mhuxr!ulysses!allegra!bellcore!decvax!genrad!panda!talcott!harvard!seismo!brl-tgr!tgr!RWK@SCRC-RIVERSIDE.ARPA
From: RWK@SCRC-RIVERSIDE.ARPA (Robert W. Kerns)
Newsgroups: net.mail.headers
Subject: Firewalls in sendmail
Message-ID: <8643@brl-tgr.ARPA>
Date: Mon, 25-Feb-85 19:35:28 EST
Article-I.D.: brl-tgr.8643
Posted: Mon Feb 25 19:35:28 1985
Date-Received: Fri, 1-Mar-85 06:24:58 EST
Sender: news@brl-tgr.ARPA
Lines: 71

    Date: Sun 24 Feb 85 12:07:04-EST
    From: Greg Skinner

    A minor problem with this first statement... It [CHAOS mail access]
    certainly could have been disallowed, since general use of the chaosnet
    is not permitted for undergraduates (it requires a special bit which
    enables one to write to the cha: device which is the chaos network
    device on a DEC-20). Undergraduates are not allowed to make file
    transfers, telnet to other hosts, etc. unless they have that bit. Since
    mail works the same way, it could have been restricted the same way.

Untrue! Mail does not work the same way! The (implementation) reason students can send mail via the CHAOSnet is because it isn't THEY who send the mail, it's the mailer daemon, which is a part of the system. It would be rather difficult to restrict some people and not others, involving all sorts of issues of validation, etc.

TOPS-20 is by no means unique in this regard, at MIT or elsewhere, nor is TOPS-20 the only system that undergraduates use. Putting in firewalls into every operating system on every machine that undergraduates have occasion to use is not likely to be worth the work, especially on systems that don't give you the sources to their mailer! And personal computers really make a mockery of these efforts, unless you care to forbid the connection of personal computers to the network. This would certainly NOT be feasible at MIT!

Also, it is not clear just what constitutes "undergrad use of the arpanet". If an undergrad sends mail to his TA, and his TA forwards his mail to MIT-Multics (quite reasonable), is it the undergrad or the TA that's using the network? What if the undergrad sends mail to HEADER-PEOPLE@XX, assuming XX has such a forwarding entry to MC?

    The policy of the undergraduate comp center was (at least up until a
    couple of years ago) to deny chaosnet access to any undergraduates
    using the 20 unless they actually worked there as staff, consultant, or
    some other software support. With the growing number of undergraduate
    research opportunities at MIT, the number of chaosnet access bits
    increased (the only other way to get chaosnet access was to justify the
    need for it by having a non-guest account on another chaosnet machine).
    Nowadays many undergrads get chaosnet bits -- I'm not saying this is
    right or wrong, just the way things are.

Indeed, forbidding access on the basis of restricting individuals to mail between certain groups of users, certain machines, certain networks, or using any other arbitrary predetermined boundaries, is doomed to perpetual inappropriateness. Either you have to restrict communications that would be better left unrestricted, or you have to permit ones you did not intend.

    Speaking personally, having chaosnet access (implying ARPA access)
    benefitted me greatly as an undergrad because I was able to get useful
    technical information (unix-wizards, header-people, etc.) which I
    wouldn't have got otherwise until my undergrad years had just about
    ended. I wouldn't have known half of what I knew coming out of school
    without those bits. Many other MIT undergrads feel the same way -- I'll
    forward the question to some of them so you can hear from them.

This is right on, although I don't think you made the point strongly enough. I think mail access is an ESSENTIAL part of the undergraduate curriculum. I don't want to hire a new grad who has just been exposed to the little world on MIT-EE, and who has no idea how to behave in the larger world.

    --gregbo
    gds@mit-xx.arpa
    gregbo%houxm.uucp@harvard.arpa
    {allegra,cbosgd,ihnp4}!houxm!gregbo
-------