Tim wrote:
On Sun, 2007-10-28 at 17:27 +0900, John Summerfield wrote:
Anyone who thinks identd provides any security at all wrt computers
they don't control is ignorant or stupid.
It's trivial to find (or even, at a pinch write/modify one) a fake
identd that will say anything one chooses; anyone implementing
security assuming otherwise is trusting the untrustworthy.
Too true, but unfortunately that doesn't stop some ISPs from leaving
their mail servers configured to check for it. Nor does it stop many
Sendmail used to do that. I don't normally use sendmail these days, so
couldn't say whether it's changed. It'd be pretty simple for the pfy to
overlook it.
--
Cheers
John
-- spambait
1aaaaaaa@xxxxxxxxxxxxxxxx Z1aaaaaaa@xxxxxxxxxxxxxxxx
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
Please do not reply off-list
