Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watnot!watmath!clyde!cbatt!ucbvax!engr.ub.COM!dcrocker
From: dcrocker@engr.ub.COM.UUCP
Newsgroups: mod.protocols.tcp-ip
Subject: Re: Access control and Accountability
Message-ID: <8704102121.AA24982@ucbvax.Berkeley.EDU>
Date: Fri, 10-Apr-87 15:45:47 EST
Article-I.D.: ucbvax.8704102121.AA24982
Posted: Fri Apr 10 15:45:47 1987
Date-Received: Sat, 11-Apr-87 18:24:41 EST
Sender: daemon@ucbvax.BERKELEY.EDU
Distribution: world
Organization: Ungermann-Bass, Inc., Santa Clara, CA
Lines: 35
Approved: tcp-ip@sri-nic.arpa

Newsgroups: mod.protocols.tcp-ip
Subject: Re: Access control and accountability
Summary: 
Expires: 
References: <8704081259.AA17700@topaz.rutgers.edu>
Sender: 
Reply-To: dcrocker@ubvax.UUCP (Dave Crocker)
Followup-To: 
Distribution: world
Organization: Ungermann-Bass, Inc., Santa Clara, Ca.
Keywords: 

In article <8704081259.AA17700@topaz.rutgers.edu>
	    hedrick@TOPAZ.RUTGERS.EDU (Charles Hedrick) writes:
>...  You will need to insert the access control in
>sendmail also.  We have done all of this stuff in the past, but are
>not doing it now.  It is nearly impossible to control mail.  There are
>now so many gateways, that you can always find some machine on the
>local network that will forward your mail to the Arpanet for you.  Not
>to mention UUCP or Bitnet to Arpanet gateways...

The MMDFII mail transport system, used by CSNet and distributed with
4.3BSD, has considerable path-filtering based security.  You can
prohibit users, networks or hosts from sending to any specified host
or network.

While this requires a cooperating set of internal MMDF's to enforce
filtering pervasively, rather than simply at the boundaries, one would
assume that a security mechanism would not be used unless the requirement
were fairly severe.

Dave

P.S.  You are correct that statistics gathering features are present in
      other vendors' IP Routers.