"60 Minutes" and Web Site Evaluations
Peter Murray
pem at po.cwru.edu
Wed Mar 5 11:45:01 EST 1997
On Tue, 4 Mar 1997, Thomas Dowling wrote:
> A purported *e-mail message* from Leslie Stahl was given greater
> credibility because Andrew Kantor configured his copy of Netscape to
> use smtp.cbsnews.com as his SMTP host. The mail header on the message
> he sent then indicated it had come through that server. In the
> sysadmin community this is a known shortcoming of SMTP (as just
> described to me by my sysadmin); plugging this hole seems to require
> firewalls, although "maybe the next version of sendmail fixes this."
Current versions of SENDMAIL fix this. The feature of passing mail through a
SENDMAIL site (such as "smtp.cbsnews.com") is called mail relaying, and is
useful for some purposes but can be abused. More information about anti-spam
measures, check out the web site: http://www.sendmail.org/antispam.html
(If you are using versions of SENDMAIL older than 8.8 on your UNIX boxes, you
really should upgrade. There are known problems with earlier versions that
crackers can exploit. Upgrade to the latest version or contact your
operating system vendor for updates.)
> It's enough to make one get PGP.
Or wide-spread use of Digital Signature technologies, etc...
Peter
--
Peter Murray, Library Systems Manager pem at po.cwru.edu
Library Information Technologies http://www.cwru.edu/home/pem.html
Case Western Reserve University, Cleveland, Ohio W:216-368-5888
More information about the Web4lib
mailing list