[pmmail-list] PMMail and network security issue.

Stefan Kirch pmmail-list@blueprintsoftwareworks.com
Mon, 23 Apr 2001 07:55:22 +0200


Hi Rich!

I'm not sure, if I understood you correctly. You worry about the
data, which is been shared between your email-client and your
SMTP-Server, don't you?

In the header of the emails themself, there are no informations 
about computer-names or workgroup - despite of the "Received"-
lines, which are inserted by the MTA.
So it seems to me, as if there is only a security-problem between
the email-client and the smtp-server, ok?

EVERY smtp-server knows your ip, if you make a connection to
the server, if not, you are not able to make a connection. So,
it doesn't matter, to send the ip-address in the helo-command,
because the SMTP-server allready know this.
Ok, the workgroup-name and the computer-name aren't necessary,
so it would be a good idea, to NOT announce them with the
helo-command.

In my opinion, the best idea, to be as secure as possible, is
to use every time a own smtp-server and "patch" this one,
so that the smtp-server doesn't add important informations to
the emails, e.g. we use qmail and made settings, that the first
received line is "Received: from somewhere (user@somewhere)"
instead of ip-adresses or usernames.

I don't know, if it's possible for you, to install a own
smtp-server but I think, this is the most secure way to avoid
any problems!

  Steff

- pmmail-list - The PMMail Dicussion List ---------------------------
To UNSUBSCRIBE, send a message to mdaemon@bmtmicro.com with the first 
line of the message body being...
UNSUBSCRIBE pmmail-list@blueprintsoftwareworks.com