Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Agreed that the port 25 need be open, but what about the ease with which one can telnet onto port 25 and send / recieve mails using any name without authentication.
What is done in this case, is the telnet service blocked or what are the other options?
For this, you'll need an email server with some Anti-Spoofing features, e.g., your mail server can accept only a valid account and also asks for that account's password before letting that user send any mail.
Users also don't need to use Telnet to do that (abusing port 25), they can do the same with their mail client.
Originally posted by jalal For this, you'll need an email server with some Anti-Spoofing features, e.g., your mail server can accept only a valid account and also asks for that account's password before letting that user send any mail.
Okay so the mail server by default will allow any@its-domain and un-authenticated mail transactions (Surprising to me, Please correct me if am worng).
Is this the case with sendmail, qmail as well? How does one enable Anti Spoofing on Exchange 2000?
Quote:
Users also don't need to use Telnet to do that (abusing port 25), they can do the same with their mail client.
an Email server's default depends on that mail server, could be secure, could be not.
To spoof using your favourite mail client, just enter fake information in the settings, e.g. just tell your mail client that you are jalal@domain instead of etc@domain
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.