Educause Security Discussion mailing list archives
Re: smtp auth (was Re: the importance of security)
From: Brian Reilly <reillyb () GEORGETOWN EDU>
Date: Tue, 17 Aug 2004 12:32:22 -0400
Kevin, Take a look at http://www.sendmail.org/~ca/email/auth.html and ftp://ftp.isi.edu/in-notes/rfc2554.txt. Users are required to authenticate prior to sending messages, but they're not restricted to only using a "from" address of that which they just authenticated. Georgetown has required SMTP AUTH for a few years now. Most non-webmail users use Netscape/Mozilla Messenger or Outlook. If you'd like to discuss further offline, just drop me a note. --Brian ______________________________________________ Brian Reilly, CISSP University Network Security Officer Georgetown University, UIS <reillyb () georgetown edu> +1 202.687.2775 On Mon, 16 Aug 2004, Kevin Shalla wrote:
I'm unfamiliar with smtp auth. Does this mean that when the user tries to send an email message that they are required to authenticate, and can only send messages with a "from" address of that username to which they just authenticated? If so, this could make email a fairly secure intra-university means of communication, correct? Does anyone have a link to beginner's background reading on this? At 12:05 PM 8/11/2004, Gary Flynn wrote:Jere Retzer wrote:The first two items seem mainly intended to ensure that your school is a good network citizen so I can understand a management temptation to ask "what is the benefit to us?" Is that the problem? Does anyone have data to help frame these particular policies in terms of general acceptance? Are most schools now doing this or are there pressures from the government of ISPs?We implemented SMTP auth and port 25 blocks a couple years ago.********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- smtp auth (was Re: the importance of security) Kevin Shalla (Aug 16)
- <Possible follow-ups>
- Re: smtp auth (was Re: the importance of security) Matthew Keller (Aug 16)
- Re: smtp auth (was Re: the importance of security) Dewitt Latimer (Aug 16)
- Re: smtp auth (was Re: the importance of security) Brian Reilly (Aug 17)