4 Oct
2001
4 Oct
'01
1:28 p.m.
hi,
thanks for the prompt response.
but i still have a few queries.....
1.> If the mail server doesn't check who i am when accepting a message for
delivery......doesn't that mean that anybody could use somebody else's
mail id to send mail????
i.e. i could send mail as someone_else(a)rediffmail.com or more locally
root(a)localhost.localdomain(by doing a self telnet on port25)....
wouldn't that be a security loophole.....i mean its pretty
harmless...but it means i could use some other mail id for unsolicited
mail????
any method of avoiding this???
2.> about...mutt and the address book facility.....its implemented as
aliases right??....could u guys direct me to a few good howtos?
3.> about my yahoo inbox....here's the complete interaction:-
(rather what i thought was relevant......)
fetchmail: POP3< +OK password required.
fetchmail: POP3> PASS *
fetchmail: POP3< +OK maildrop ready, 1 message (9625 octets) (446 6291456)
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 1 9625
fetchmail: POP3> LAST
fetchmail: POP3< +OK 1
1 message (1 seen) for innovativecrap at pop.vip.sc5.yahoo.com (9625 octets).
fetchmail: POP3> LIST
fetchmail: POP3< +OK 1 message (9625 octets)
fetchmail: POP3< 1 9625
fetchmail: POP3< .
skipping message 1 not flushed
fetchmail: POP3> QUIT
fetchmail: POP3< +OK server signing off.
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL) <<<<<what does that mean????
fetchmail: Deleting fetchids file.
fetchmail: normal termination, status 1
fetchmail: Deleting fetchids file.
(i did a fetchmail -v -v)
well any idea what's up??????
bye
thanks
sorry 'bout the length...
abhijeet
4 Oct
4 Oct
5:13 p.m.
On Tue, 2 Oct 2001, abhijeet wrote:
1.> If the mail server doesn't check who i am
when accepting a message for
delivery......doesn't that mean that anybody could use somebody else's
mail id to send mail????
Yes. Try it and see. That's how spammers send you mail, that's how
email is forged, that's the reason why you should digitally sign your
emails with a PGP/GPG signature that only you have.
wouldn't that be a security loophole.....i
mean its pretty
harmless...but it means i could use some other mail id for
unsolicited mail????
Isn't this already being done? Don't you receive spam?
any method of avoiding this???
Some strict settings on the mail server, but they could annoy legitimate
users. Remember how we all reacted when vsnl blocked non-vsnl users
from sending mail.
Basically, don't allow relay from any address not in your domain, unless
the destination address is in your domain. This could be fixed by
having your users' smtp server different from your actual mailhost - the
one with the MX entry in your DNS.
Check the IP of the source host. Don't allow relay from any host that
doesn't have a DNS entry, and isn't from your IP pool.
3.> about my yahoo inbox....here's the complete
interaction:-
(rather what i thought was relevant......)
fetchmail: POP3< +OK password required.
fetchmail: POP3> PASS *
fetchmail: POP3< +OK maildrop ready, 1 message (9625 octets) (446 6291456)
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 1 9625
fetchmail: POP3> LAST
fetchmail: POP3< +OK 1
1 message (1 seen) for innovativecrap at pop.vip.sc5.yahoo.com (9625 octets).
fetchmail: POP3> LIST
fetchmail: POP3< +OK 1 message (9625 octets)
fetchmail: POP3< 1 9625
fetchmail: POP3< .
skipping message 1 not flushed
fetchmail: POP3> QUIT
fetchmail: POP3< +OK server signing off.
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL) <<<<<what does that mean????
fetchmail: Deleting fetchids file.
fetchmail: normal termination, status 1
fetchmail: Deleting fetchids file.
(i did a fetchmail -v -v)
well any idea what's up??????
Exactly what's supposed to happen. You haven't told fetchmail to fetch
all mails, so it only tries to fetch new mails. The one mail that is
still on the server has already been read (LAST returns 1), so it isn't
downloaded or deleted (see the line that says 1 message (1 seen)).
Query status=1 (NOMAIL)
What does it sound like? Check the man page for return values of
fetchmail.
Philip
--
Repel them. Repel them. Induce them to relinquish the spheroid.
- Indiana University fans' chant for their perennially bad football team
Visit my webpage at http://www.ncst.ernet.in/~philip/
Read my writings at http://www.ncst.ernet.in/~philip/writings/
MSN philiptellis Yahoo! philiptellis
AIM philiptellis ICQ 129711328
7 Oct
7 Oct
7:55 a.m.
On Thu, 04 Oct 2001, Philip S Tellis spewed into the ether:
On Tue, 2 Oct 2001, abhijeet wrote:
This depends on how the mail
server is configured. Normally, your mail
server is configured to relay anything from a particular range of ip
addresses, and drop everything else.
<snip>
1.> If the mail server doesn't check who i
am when accepting a
message for delivery......doesn't that mean that anybody could use
somebody else's mail id to send mail????
Yes. Try it and see. That's how spammers send you mail, that's how
email is forged, that's the reason why you should digitally sign your
emails with a PGP/GPG signature that only you have. Some strict settings on the mail server, but they
could annoy
legitimate users. Remember how we all reacted when vsnl blocked
non-vsnl users from sending mail.
Use SMTP AUTH or POP before SMTP.
Basically, don't allow relay from any address not
in your domain,
unless the destination address is in your domain. This could be
fixed by having your users' smtp server different from your actual
mailhost - the one with the MX entry in your DNS.
Relay from, or relay to?
You relay to everything in your domain, and for everyone in your ip
block.
Check the IP of the source host. Don't allow
relay from any host
that doesn't have a DNS entry, and isn't from your IP pool.
Thats a bit
strict, plenty of people don't fix their DNS for dialups.
Its a useful spam block though :).
Devdas Bhagat
--
"Jesus may love you, but I think you're garbage wrapped in skin."
-- Michael O'Donohugh
8094
days inactive
8097
days old
2 comments
3 participants
participants (3)
-
abhijeet -
Devdas Bhagat -
Philip S Tellis