[Sussex] Securing Mail Servers

paul.morriss at tokenbay.co.uk paul.morriss at tokenbay.co.uk
Sun Apr 16 16:01:15 UTC 2006


Hi all
  Sorry I have yet another question ;)  This is regarding mail servers....

I have been testing a new mail server setup (atm it's on a private
network, but will be public when configuration finished), I have noticed
that anyone can telnet into the mail server and issue:
helo, from, to, data and then send.... I see this as a large security hole
as it means hacker X could send a malicious email from
webmaster at whatever.com without any authorisation.

We have added security that it will be bounced if the from address is not
valid but is there a way so that only authorised users can send mail..

Apologies if this has been asked many times but I am new to mail systems.

Paul





More information about the Sussex mailing list