How to set "From:" address in VMS MAIL - VMS

This is a discussion on How to set "From:" address in VMS MAIL - VMS ; In article , Ken.Fairfield@gmail.com writes: > On Jan 6, 3:45 pm, Tad Winters > wrote: > [...] > >> There is a logical called MULTINET_SMTP_REPLY_TO which might give you what >> you need. I've used it many times to keep ...

+ Reply to Thread
Page 2 of 2 FirstFirst 1 2
Results 21 to 28 of 28

Thread: How to set "From:" address in VMS MAIL

  1. Re: How to set "From:" address in VMS MAIL

    In article <707aff7e-94cf-45e5-ba71-e9e51b046fae@l6g2000prm.googlegroups.com>,
    Ken.Fairfield@gmail.com writes:
    > On Jan 6, 3:45 pm, Tad Winters
    > wrote:
    > [...]
    >
    >> There is a logical called MULTINET_SMTP_REPLY_TO which might give you what
    >> you need. I've used it many times to keep people from sending replies to
    >> VMS systems which don't have MX records in DNS and aren't referenced by the
    >> common mail servers.

    >
    > That logical does, indeed, set the Reply-to: address, but
    > OutHouse still
    > shows the From: address as sent. This may be sufficient... :-)
    >


    If there is any way for the user to change the From: header of an
    outgoing Email that would be a major security flaw in VMS. Unless
    you don't see forging email as a security problem!

    bill

    --
    Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    bill@cs.scranton.edu | and a sheep voting on what's for dinner.
    University of Scranton |
    Scranton, Pennsylvania | #include

  2. Re: How to set "From:" address in VMS MAIL

    In article <5uf4oqF1geadbU1@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes:

    > If there is any way for the user to change the From: header of an
    > outgoing Email that would be a major security flaw in VMS. Unless
    > you don't see forging email as a security problem!


    Multinet on EISNER:: allows that, provided one is coming in from a PC
    or Macintosh using an authenticated connection. The From: address
    need not bear any relationship to anything.

  3. Re: How to set "From:" address in VMS MAIL

    In article <5uf4oqF1geadbU1@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes:
    >In article <707aff7e-94cf-45e5-ba71-e9e51b046fae@l6g2000prm.googlegroups.com>,
    > Ken.Fairfield@gmail.com writes:
    >> On Jan 6, 3:45 pm, Tad Winters
    >> wrote:
    >> [...]
    >>
    >>> There is a logical called MULTINET_SMTP_REPLY_TO which might give you what
    >>> you need. I've used it many times to keep people from sending replies to
    >>> VMS systems which don't have MX records in DNS and aren't referenced by the
    >>> common mail servers.

    >>
    >> That logical does, indeed, set the Reply-to: address, but
    >> OutHouse still
    >> shows the From: address as sent. This may be sufficient... :-)
    >>

    >
    >If there is any way for the user to change the From: header of an
    >outgoing Email that would be a major security flaw in VMS. Unless
    >you don't see forging email as a security problem!
    >

    This is a problem of SMTP not VMS. It is trivial to forge the From: address.

    To somewhat offset this problem most SMTP implementations on multiuser
    platforms add in a sender line with the authenticated sender
    ie the account which was logged into the system and sent the message

    So using PMDF I can send with whatever FROM: address I like but the PMDF system
    will add in a Sender: line which will identify who really sent it.


    eg

    Date: Mon, 07 Jan 2008 17:48:18 +0000 (GMT)
    From: kirk@enterprise.com
    Subject: test
    Sender: d.webb@mdx.ac.uk
    To: d.webb@mdx.ac.uk
    Message-id: <01MPTJJKMW6M8YL2DJ@cluster.mdx.ac.uk>


    I'd expect that the TCPWARE, Multinet , or DEC TCPIP logicals would provide
    similar results ie the real sender being identified by a Sender line.




    (Of course this doesn't stop someone just using a different client which
    doesn't do this or just connecting directly to the SMTP port and typing in
    whatever SMTP commands they like. Alternatively they can just use a PC mail
    client where with most clients they will be able to setup whatever forged
    address they wish when configuring the client).


    Cue for anti-spam kook discussion of how we could improve things if only we
    would replace SMTP with x y or z.



    David Webb
    Security team leader
    CCSS
    Middlesex University


    >bill
    >
    >--
    >Bill Gunshannon | de-moc-ra-cy (di mok' ra see) n. Three wolves
    >bill@cs.scranton.edu | and a sheep voting on what's for dinner.
    >University of Scranton |
    >Scranton, Pennsylvania | #include


  4. Re: How to set "From:" address in VMS MAIL

    In article <5uf4oqF1geadbU1@mid.individual.net>, billg999@cs.uofs.edu (Bill Gunshannon) writes:
    >
    > If there is any way for the user to change the From: header of an
    > outgoing Email that would be a major security flaw in VMS. Unless
    > you don't see forging email as a security problem!


    Most SMTP interfaces for VMS allow the user some level of control
    over the headers, and allow the system manager control over the users
    if they can't be trusted.


  5. Re: How to set "From:" address in VMS MAIL

    Bill Gunshannon wrote:
    > In article <707aff7e-94cf-45e5-ba71-e9e51b046fae@l6g2000prm.googlegroups.com>,
    > Ken.Fairfield@gmail.com writes:
    >> On Jan 6, 3:45 pm, Tad Winters
    >> wrote:
    >> [...]
    >>
    >>> There is a logical called MULTINET_SMTP_REPLY_TO which might give you what
    >>> you need. I've used it many times to keep people from sending replies to
    >>> VMS systems which don't have MX records in DNS and aren't referenced by the
    >>> common mail servers.

    >> That logical does, indeed, set the Reply-to: address, but
    >> OutHouse still
    >> shows the From: address as sent. This may be sufficient... :-)
    >>

    >
    > If there is any way for the user to change the From: header of an
    > outgoing Email that would be a major security flaw in VMS. Unless
    > you don't see forging email as a security problem!
    >
    > bill
    >

    I don't see how forging any headers would be a security flaw. At least
    not in VMS itself. After all, You don't need vms mail (or pine) to send
    an email. There is nothing to prevent one from using a different method
    to create an email and send it. You can just telnet somewhere to port 25
    and supply all the information yourself.

    sol

  6. Re: How to set "From:" address in VMS MAIL

    In article <478241fd$0$9119$607ed4bc@cv.net>, sol gongola writes:
    > Bill Gunshannon wrote:


    >> If there is any way for the user to change the From: header of an
    >> outgoing Email that would be a major security flaw in VMS. Unless
    >> you don't see forging email as a security problem!
    >>
    >> bill
    >>

    > I don't see how forging any headers would be a security flaw. At least
    > not in VMS itself. After all, You don't need vms mail (or pine) to send
    > an email. There is nothing to prevent one from using a different method
    > to create an email and send it. You can just telnet somewhere to port 25
    > and supply all the information yourself.
    >
    > sol


    A really secure VMS system would be set to prevent end users from
    supplying applications they can run.

    But configuring a VMS machine that securely hardly seems worth it,
    considering the general state of the Internet.

  7. Re: How to set "From:" address in VMS MAIL

    In article
    <5138d915-cc4b-4f19-b10d-d016355c0eeb@e6g2000prf.googlegroups.com>,
    Ken.Fairfield@gmail.com writes:

    > So I'm looking for a no-cost work-around.


    The logical name TCPIP$SMTP_FROM.


  8. Re: How to set "From:" address in VMS MAIL

    In article <5uf4oqF1geadbU1@mid.individual.net>, billg999@cs.uofs.edu
    (Bill Gunshannon) writes:

    > If there is any way for the user to change the From: header of an
    > outgoing Email that would be a major security flaw in VMS. Unless
    > you don't see forging email as a security problem!


    Talking VMS MAIL and HP TCPIP here. Yes, the user can set it via a
    logical. However, the system manager can prevent this, and also the
    real address is included in an extra header.

    There are MANY reasons to legitimately change the default From: header.


+ Reply to Thread
Page 2 of 2 FirstFirst 1 2