[pmmail-list] PMMail and network security issue.

Rich pmmail-list@blueprintsoftwareworks.com
Mon, 23 Apr 2001 14:18:09 -0400 (EDT) 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, 23 Apr 2001 10:51:39 -0500 (CDT), Maynard Riley wrote:

>
>I studied this issue at some length many months ago, and will gladly
>report some results here.
>
>PMMail/2 v2 sends a HELO argument which can be controlled by your HOSTS
>file for whatever IP you're using [\mptn\BIN\SETUP.CMD]. Perhaps if it
>doesn't find it there it looks elsewhere, presumbaly HOSTNAME in
>config.sys

PMMail does not get the network computer name and workgroup name from the hosts file! That was the first thing I 
checked back when I found this problem. I wrote a quick rex file to change the hosts file and change the computer 
name before an email was sent. It didn't work. My impression is that the hosts file is read ( or the computer name is 
read from somewhere else, such as the registry on a win machine), and the computer/workgroup names are read 
when the network requestor is started and can not be dynamically changed afterwards. That's why I don't like the 
idea of PMMail using the network computer and workgroup name with the 'helo' command. 

>
>I'm also running Weasel, which of course also sends a HELO argument;
>though I haven't cared where it finds the value for this purpose, I
>presume that it is one of the two sources mentioned above.

Maybe, but it's not making it through your server. If you check your own headers, there's no "claiming to be" at the 
end of the first received line.

>
>In either case, the entry of that information into email headers is
>under the sole control of the SMTP program which receives the message,
>be it from PMMail or from Weasel or from Sendmail or whatever.

Yes, but the _content_ of the entry is up to PMMail!

>
>Weasel will add this into the Received line which it generates, when
>you use PMMail to send to Weasel, and Weasel to send it outside.
>
>Changing the value used in your local HOSTS file shouldn't affect other
>users on the local network; and would be the easiest way to control the
>PMMail HELO output.

As I said, the hosts file has nothing to do with PMMail's use of the helo command. I know this for sure because I just 
checked my win machine and found out that I had forgotten to update the hosts file after makiing a network name 
change on that computer. PMMail sends the correct name, not the one in the hosts file...

The actual second side of this complaint is that I use a half dozen different email accounts with different names, 
some business and some private. I don't like the idea of PMMail displaying that all these accounts are the same 
computer and person. With netscape or other email programs that get the helo information from the account setup, 
all the accounts appear as they should, separate accounts!

The alternative is to switch to an ISP that doesn't forward along the helo information, which most apparently do not, or 
to switch email clients. Oddly enough, I'd rather switch ISP's since PMMail is the only client I can find that runs on both 
OS/2 and win... But the search is on...

>
>hth,
>
>	`~Maynard
>
>
>
>
>
>- pmmail-list - The PMMail Dicussion List ---------------------------
>To UNSUBSCRIBE, send a message to mdaemon@bmtmicro.com with the first 
>line of the message body being...
>UNSUBSCRIBE pmmail-list@blueprintsoftwareworks.com
>
>

******************************************************************************
Practice Random Acts of Kindness and Senseless...Umm...Uhh....
  Oh - Heck...I never could remember all that "nice" stuff.
- -----------------------------{rich@bearlycomputing.com}------------------------------
******************************************************************************


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0 OS/2 for non-commercial use
Comment: PGP 5.0 for OS/2
Charset: noconv

wj8DBQE65GPHBxPGE7kCCh0RAvY0AJ9EZEBj8Jo5hgKI7yPUeo7FnWPkZACfeR//
3uW5Qy+wyrNtsKz/wyeLbCc=
=HWSs
-----END PGP SIGNATURE-----

- pmmail-list - The PMMail Dicussion List ---------------------------
To UNSUBSCRIBE, send a message to mdaemon@bmtmicro.com with the first 
line of the message body being...
UNSUBSCRIBE pmmail-list@blueprintsoftwareworks.com