ietf
[Top] [All Lists]

Re: Last Call: draft-hutzler-spamops (Email Submission: Access and Accountability) to BCP

2007-06-10 11:51:50

On Sun, 10 Jun 2007, Tony Finch wrote:

On Fri, 8 Jun 2007, Stephane Bortzmeyer wrote:

Side note: on Unix, will cron be forced to authenticate to send emails
at 2 am? :-)

cron sends email by invoking sendmail, which knows the user that invoked
it. authentication is therefore automatic and has been the norm for ever.

Sendmail does not authenticate automatically or otherwise. What it does
is to use as RFC2821 MAIL FROM account of the user that invoked it or
when "-f" option is used puts out account of the user in the trace data.

This is not authentication, this is reporting of the user data, so its
like you connecting to open relay mail system and that system properly
puts in Received line with ip address of where you connected from and then forward your email without checking if you're allowed to relay or not.

Now in theory you could say that properly setup unix system should not
allow access to sendmail (by means of user/group permissions) for
those unix accounts that should not have access to it. In practice such
precise security policies & permissions are almost unheard of.

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net

_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf