hi, thanks for the prompt response. but i still have a few queries.....

1.> If the mail server doesn't check who i am when accepting a message for delivery......doesn't that mean that anybody could use somebody else's mail id to send mail???? i.e. i could send mail as someone_else@rediffmail.com or more locally root@localhost.localdomain (by doing a self telnet on port 25)....
wouldn't that be a security loophole.....i mean it's pretty harmless...but it means i could use some other mail id for unsolicited mail???? any method of avoiding this???

2.> about...mutt and the address book facility.....it's implemented as aliases right??....could u guys direct me to a few good howtos?

3.> about my yahoo inbox....here's the complete interaction:- (rather what i thought was relevant......)

fetchmail: POP3< +OK password required.
fetchmail: POP3> PASS *
fetchmail: POP3< +OK maildrop ready, 1 message (9625 octets) (446 6291456)
fetchmail: selecting or re-polling default folder
fetchmail: POP3> STAT
fetchmail: POP3< +OK 1 9625
fetchmail: POP3> LAST
fetchmail: POP3< +OK 1
1 message (1 seen) for innovativecrap at pop.vip.sc5.yahoo.com (9625 octets).
fetchmail: POP3> LIST
fetchmail: POP3< +OK 1 message (9625 octets)
fetchmail: POP3< 1 9625
fetchmail: POP3< .
skipping message 1 not flushed
fetchmail: POP3> QUIT
fetchmail: POP3< +OK server signing off.
fetchmail: not swapping UID lists, no UIDs seen this query
fetchmail: Query status=1 (NOMAIL) <<<<<what does that mean????
fetchmail: Deleting fetchids file.
fetchmail: normal termination, status 1
fetchmail: Deleting fetchids file.

(i did a fetchmail -v -v)
well any idea what's up??????

bye
thanks
sorry 'bout the length...
abhijeet

On Tue, 2 Oct 2001, abhijeet wrote:
> 1.> If the mail server doesn't check who i am when accepting a message for delivery......doesn't that mean that anybody could use somebody else's mail id to send mail????

Yes. Try it and see. That's how spammers send you mail, that's how email is forged, that's the reason why you should digitally sign your emails with a PGP/GPG signature that only you have.

> wouldn't that be a security loophole.....i mean it's pretty harmless...but it means i could use some other mail id for unsolicited mail????

Isn't this already being done? Don't you receive spam?

> any method of avoiding this???

Some strict settings on the mail server, but they could annoy legitimate users. Remember how we all reacted when vsnl blocked non-vsnl users from sending mail.

Basically, don't allow relay from any address not in your domain, unless the destination address is in your domain. This could be fixed by having your users' smtp server different from your actual mailhost - the one with the MX entry in your DNS.

Check the IP of the source host. Don't allow relay from any host that doesn't have a DNS entry, and isn't from your IP pool.

> 3.> about my yahoo inbox....here's the complete interaction:- (rather what i thought was relevant......)
>
> fetchmail: POP3< +OK password required.
> fetchmail: POP3> PASS *
> fetchmail: POP3< +OK maildrop ready, 1 message (9625 octets) (446 6291456)
> fetchmail: selecting or re-polling default folder
> fetchmail: POP3> STAT
> fetchmail: POP3< +OK 1 9625
> fetchmail: POP3> LAST
> fetchmail: POP3< +OK 1
> 1 message (1 seen) for innovativecrap at pop.vip.sc5.yahoo.com (9625 octets).
> fetchmail: POP3> LIST
> fetchmail: POP3< +OK 1 message (9625 octets)
> fetchmail: POP3< 1 9625
> fetchmail: POP3< .
> skipping message 1 not flushed
> fetchmail: POP3> QUIT
> fetchmail: POP3< +OK server signing off.
> fetchmail: not swapping UID lists, no UIDs seen this query
> fetchmail: Query status=1 (NOMAIL) <<<<<what does that mean????
> fetchmail: Deleting fetchids file.
> fetchmail: normal termination, status 1
> fetchmail: Deleting fetchids file.
>
> (i did a fetchmail -v -v) well any idea what's up??????

Exactly what's supposed to happen. You haven't told fetchmail to fetch all mails, so it only tries to fetch new mails. The one mail that is still on the server has already been read (LAST returns 1), so it isn't downloaded or deleted (see the line that says 1 message (1 seen)).

> Query status=1 (NOMAIL)

What does it sound like? Check the man page for return values of fetchmail.

Philip
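
The seen/new decision described in the reply above can be reproduced from the POP3 lines of the verbose log. This is an added example, not part of the thread and not fetchmail's own code; the function names are made up for the illustration, and exit status 0 assumes the download itself succeeds.

```python
import re

# POP3 lines taken from the verbose log quoted in the thread.
TRANSCRIPT = """\
fetchmail: POP3> STAT
fetchmail: POP3< +OK 1 9625
fetchmail: POP3> LAST
fetchmail: POP3< +OK 1
fetchmail: POP3> LIST
fetchmail: POP3< +OK 1 message (9625 octets)
fetchmail: POP3< 1 9625
fetchmail: POP3< .
"""

def parse_session(log):
    """Return (count, last_seen, {msgnum: octets}) from `fetchmail -v -v` output."""
    count, last, sizes, command = 0, 0, {}, None
    for line in log.splitlines():
        m = re.match(r"fetchmail: POP3([<>]) (.*)", line)
        if not m:
            continue                      # fetchmail's own status lines
        direction, payload = m.groups()
        if direction == ">":              # client command: remember which one
            command = payload.split()[0].upper()
        elif command == "STAT" and payload.startswith("+OK"):
            count = int(payload.split()[1])
        elif command == "LAST" and payload.startswith("+OK"):
            last = int(payload.split()[1])    # highest message already read
        elif command == "LIST" and re.fullmatch(r"\d+ \d+", payload):
            num, octets = map(int, payload.split())
            sizes[num] = octets
    return count, last, sizes

def plan_fetch(log, fetch_all=False):
    """Messages to download and the exit status to expect (1 = NOMAIL)."""
    count, last, sizes = parse_session(log)
    # Without "fetch all", only messages numbered above LAST count as new.
    wanted = [n for n in sorted(sizes) if fetch_all or n > last]
    return wanted, (0 if wanted else 1)

if __name__ == "__main__":
    print(plan_fetch(TRANSCRIPT))                  # nothing new on the server
    print(plan_fetch(TRANSCRIPT, fetch_all=True))  # the seen message as well
```
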
On Thu, 04 Oct 2001, Philip S Tellis spewed into the ether:
> On Tue, 2 Oct 2001, abhijeet wrote:
>
>> 1.> If the mail server doesn't check who i am when accepting a message for delivery......doesn't that mean that anybody could use somebody else's mail id to send mail????
>
> Yes. Try it and see. That's how spammers send you mail, that's how email is forged, that's the reason why you should digitally sign your emails with a PGP/GPG signature that only you have.

This depends on how the mail server is configured. Normally, your mail server is configured to relay anything from a particular range of ip addresses, and drop everything else.

<snip>

> Some strict settings on the mail server, but they could annoy legitimate users. Remember how we all reacted when vsnl blocked non-vsnl users from sending mail.

Use SMTP AUTH or POP before SMTP.

> Basically, don't allow relay from any address not in your domain, unless the destination address is in your domain. This could be fixed by having your users' smtp server different from your actual mailhost - the one with the MX entry in your DNS.

Relay from, or relay to? You relay to everything in your domain, and for everyone in your ip block.

> Check the IP of the source host. Don't allow relay from any host that doesn't have a DNS entry, and isn't from your IP pool.

That's a bit strict, plenty of people don't fix their DNS for dialups. It's a useful spam block though :).

Devdas Bhagat
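
The relay rules discussed in this thread (relay to your own domain, relay for your own IP block, SMTP AUTH for everyone else, an optional reverse-DNS check for outside hosts) can be modelled as one decision per recipient. This is an added example, not part of any message in the thread; the domain, networks, addresses and function names are constructed, and applying the reverse-DNS rule only to hosts outside the pool is one reading of the rule as stated.

```python
import ipaddress

# Constructed site settings for the example (not from the thread).
LOCAL_DOMAINS = {"example.org"}                       # domains we hold the MX for
CLIENT_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # our own IP pool

def relay_decision(client_ip, mail_from, rcpt_to, authenticated=False,
                   ptr_name=None, require_ptr=False):
    """Decide one RCPT TO. Returns (accepted, reason).

    mail_from is the unverified envelope sender; it is a parameter only
    to show that it never influences the decision.
    ptr_name is the client's reverse-DNS name as already resolved by the
    caller (None when the address has no PTR record).
    """
    ip = ipaddress.ip_address(client_ip)
    rcpt_domain = rcpt_to.rsplit("@", 1)[-1].lower().rstrip(".")
    # Relay *for* everyone in our IP block, to any destination.
    if any(ip in net for net in CLIENT_NETS):
        return True, "client in local IP pool"
    # SMTP AUTH (or POP-before-SMTP) lets roaming users relay as well.
    if authenticated:
        return True, "authenticated client"
    # Optional strict rule for outside hosts: no DNS entry, no service.
    # This also turns away hosts whose reverse DNS was never set up.
    if require_ptr and not ptr_name:
        return False, "no reverse DNS for client"
    # Relay *to* everything in our domain, from anyone.
    if rcpt_domain in LOCAL_DOMAINS:
        return True, "recipient is local"
    return False, "relaying denied"

def demo():
    outside = "203.0.113.7"   # constructed address outside the pool
    return [
        relay_decision("192.0.2.10", "user@example.org", "a@example.net"),
        relay_decision(outside, "root@example.org", "a@example.net"),
        relay_decision(outside, "root@example.org", "b@example.org"),
        relay_decision(outside, "x@example.com", "a@example.net", authenticated=True),
        relay_decision(outside, "x@example.com", "b@example.org", require_ptr=True),
    ]

if __name__ == "__main__":
    for accepted, reason in demo():
        print("accept" if accepted else "reject", "-", reason)
```

The third case is accepted even though the sender claims a local address from an outside host: closing the relay limits who can send through the server, but the sender address on mail for local recipients stays unverified, which is the reason given earlier in the thread for signing messages.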