Thread name: "Re: [OpenIndiana-discuss] Qmail-to-go on openindiana?"
Mail number: 6
Date: Tue, Apr 24, 2012
In reply to: Christopher Chan <[email protected]>
> NO, that is not accurate. "security" where it means anti-spam, DJB did not
> bother because as far as he is concerned, the way things are, things are
> just broken. Too bad his idea of how email should work never took off. So
> any anti-spam features are provided by THIRD-PARTIES. It is not
> 'patch-maked'. There is zero anti-spam.

Of course, anti-spam is not the only security business in the "email-related things".

For example, what about the "domain replace delivery": using your domain address from outside of your LAN. A long time ago, a "clown" mailed all my users from the CEO's address and convoked a fake meeting. It was horrible, all my partners were looking to kill me :D the whole day.

Another vulnerability: if I use AUTH as "fulano@yourdomain" and then send you an email from the name "siclano@spaming". When the MTA lets me replace the MAIL FROM: after the AUTH, it is very bad; it is another "domain replace"-like attack.

Another example: if I say "MAIL FROM: fulano" and then, in the email, the From header says "From: [email protected]". If my From: header lets me put whatever I want, and does not have to be like the MAIL FROM:, that is dangerous too.

Security is not only stopping spam.

Another very big hole is the backscatter or bounce attack. If, for some reason, I can make your server return a bounce, then that return will go to your address (or whatever address). How many emails will your MTA be "bouncing"? That email that says "sorry, your email can't be [some action]" is a whole bunch of danger because, for example, the attacking return address can be a SpamCop trap. You will be sent to the black list in a moment, very easily.

Greetings from Cuba.
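The four cases raised in the message above, written as checks an MTA policy hook could run before accepting a message. This is an added example, not part of the original post and not qmail code; the `Session` type, the domain and the mailbox list are constructed for illustration. Rule 4 is the usual answer to backscatter (refuse unknown recipients during the session), which the message itself does not spell out.

```python
from dataclasses import dataclass
from email import message_from_string
from email.utils import parseaddr
from typing import Optional

LOCAL_DOMAINS = {"example.org"}                         # constructed: domains this MTA serves
KNOWN_RCPTS = {"ceo@example.org", "staff@example.org"}  # constructed mailbox list

@dataclass
class Session:                    # hypothetical view of one SMTP transaction
    from_lan: bool                # client connected from inside the LAN
    auth_user: Optional[str]      # identity proven with AUTH, or None
    mail_from: str                # envelope sender (MAIL FROM:)
    rcpt_to: str                  # envelope recipient (RCPT TO:)
    data: str                     # message text sent after DATA

def domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def check(s: Session) -> list[str]:
    """Return the reasons to refuse the message inside the SMTP session."""
    reasons = []
    env = s.mail_from.lower()
    # 1. Own domain used from outside the LAN without authentication.
    if domain(env) in LOCAL_DOMAINS and not s.from_lan and s.auth_user is None:
        reasons.append("local-domain sender from outside without AUTH")
    # 2. MAIL FROM set to something other than the authenticated identity.
    if s.auth_user is not None and env != s.auth_user.lower():
        reasons.append("MAIL FROM differs from AUTH identity")
    # 3. From: header disagrees with the envelope sender (the strict policy
    #    the message argues for; the null sender <> is left alone).
    hdr = parseaddr(message_from_string(s.data).get("From", ""))[1].lower()
    if env and hdr != env:
        reasons.append("From: header differs from MAIL FROM")
    # 4. Unknown local recipient: refuse now, so no bounce is generated later
    #    toward an envelope sender the client was free to choose.
    if domain(s.rcpt_to) in LOCAL_DOMAINS and s.rcpt_to.lower() not in KNOWN_RCPTS:
        reasons.append("unknown recipient, reject at RCPT instead of bouncing")
    return reasons
```

Rule 3 as written also refuses legitimate mail whose header and envelope senders differ by design, such as mailing-list traffic, so a deployment would normally scope it to local-domain senders.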
