possible SMTP attack
Alexander Dalloz
alexander.dalloz at uni-bielefeld.de
Sat Jul 31 19:08:24 UTC 2004
Am Sa, den 31.07.2004 schrieb Pedro Fernandes Macedo um 20:59:
> Besides firewalling this IP, nothing much..... Dont know what kind of
> attack is it , but maybe limiting AUTH to secure channels can stop it
> (if the attacker dont have tools that support TLS). In postfix you have
> the option to only allow the use of the AUTH command if TLS is being
> used. Dont know if sendmail can do the same thing though...
Of course Sendmail can be configured the same way. The sendmail.mc
coming with Fedora is already prepared so that this setting can easily
be activated.
> The only downside (which isnt in fact a downside) is that your users
> will have to use TLS , but this way you gain in terms of security...
> They'll have a bit of headache if your certificates are self-signed ,
> but that's easy to overcome that...
You just have to give the users your cacert file to let it be imported
as a valid and trusted CA.
Saying that, it will not stop stupid or even cleverer SMTP AUTH attacks.
> Pedro Macedo
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp
Serendipity 21:05:58 up 2:30, 8 users, 0.06, 0.16, 0.20
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.fedoraproject.org/pipermail/users/attachments/20040731/c5766553/attachment-0002.bin
More information about the users
mailing list