Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!caip!rutgers!sri-spam!sri-unix!hplabs!tektronix!tekgen!tektools!richl
From: richl@penguin.uss.tek.com (Rick Lindsley)
Newsgroups: net.mail.headers
Subject: telnetting to port 25
Message-ID: <1622@tektools.UUCP>
Date: Tue, 30-Sep-86 12:43:58 EDT
Article-I.D.: tektools.1622
Posted: Tue Sep 30 12:43:58 1986
Date-Received: Sat, 4-Oct-86 04:48:45 EDT
Sender: uss@tektools.UUCP
Reply-To: richl@penguin.uss.tek.com (Rick Lindsley)
Organization: Tektronix, Inc., Beaverton, OR.
Lines: 22

Has anybody thought of a good solution to this problem? One that I once
implemented was to make smtp use a root port to send mail. Then if I
telnet to 25, then, I can chat with a help command, or maybe vrfy an
address, but as soon as I do mail from: I'll get an error.

In our particular case, we had mixed mailers (not all used root ports)
so I couldn't just refuse the message. What I did, though, was tack on
a line:

Comments: Message received over unauthenticated port.

Unfortunately, the users howled that this *looked* bad, and made our
company *look* bad. Apparently they'd rather have the hole present then
"look bad", so when we converted to sendmail the "feature" of
being able to telnet a forged message returned.

Does anybody else see this as a solution, or if not a solution then
perhaps a step towards one? I also think verification of a sitename on
a helo command would be nice, to catch obvious liars. (Yes I once
implemented that too, and caught flak for that too!)

Rick