Is that spoofing - General question

Is that spoofing - General question

jcdole
Hello.

Postfix on a local network without a real internet domain name.
The mail server is on a specific computer.
Outbound mail is delivered by using a relay [smtp.someISP.com] using TLS on
port 465.
Local mail stays on the server.
Less than 40 users.

In a company, a Linux user (userA) needs to send an email to a colleague
(userB), but he can't use his own computer and asks a colleague (userC) if he
can use his computer. The colleague says yes but asks him not to log out.
userA edits his mail:
gives the sender: [hidden email]
gives the sender name: userA
gives the sender password: pass_user
gives the receiver: [hidden email]

Then sends the mail.
But the mail is sent under the Linux account of userC, who is the logged-in
user.

Is it possible or not (spoofing?).

Any comment is welcome.



--
Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
Thank you for helping
________
Opensuse Leap 15

Re: Is that spoofing - General question

Richard Damon
Email address (and user name to authenticate email) not matching the login user name: totally not spoofing in my book, and in fact it can be ‘required’ by some security guidelines. (You publicize your email address; it really shouldn’t be part of your security credentials, as that just vastly cuts down the space needed to guess to get into the system.)

There are lots of reasons a person may want multiple email addresses, and several for multiple people sharing an address (like a generic support or sales address). You could have an n:n lookup to see if a given login is authorized to use a given email address, but that would also imply that you disallow the situation described.

> On Aug 24, 2018, at 12:35 PM, jcdole <[hidden email]> wrote:
>
> Hello.
>
> Postfix on a local network without a real internet domain name.
> The mail server is on a specific computer.
> Outbound mail is delivered by using a relay [smtp.someISP.com] using TLS on
> port 465.
> Local mail stays on the server.
> Less than 40 users.
>
> In a company, a Linux user (userA) needs to send an email to a colleague
> (userB), but he can't use his own computer and asks a colleague (userC) if he
> can use his computer. The colleague says yes but asks him not to log out.
> userA edits his mail:
> gives the sender: [hidden email]
> gives the sender name: userA
> gives the sender password: pass_user
> gives the receiver: [hidden email]
>
> Then sends the mail.
> But the mail is sent under the Linux account of userC, who is the logged-in
> user.
>
> Is it possible or not (spoofing?).
>
> Any comment is welcome.
>
>
>
> --
> Sent from: http://postfix.1071664.n5.nabble.com/Postfix-Users-f2.html
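
The n:n lookup mentioned in the reply, as an added example that is not part of either post: a small checker over a table laid out like Postfix's `smtpd_sender_login_maps` (sender address, then the logins that own it), with decisions modelled on `reject_sender_login_mismatch`. The addresses, logins and function names are constructed, and only exact-address lookup is modelled.

```python
import re

# Constructed sample table: sender address, then its owning logins
# (separated by commas and/or whitespace).
SAMPLE_TABLE = """\
# address              owners
usera@example.test     userA
userc@example.test     userC
sales@example.test     userA, userB userC
"""


def parse_sender_login_table(text):
    """Return {lowercased sender address: set of owning login names}."""
    owners = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        logins = re.split(r"[,\s]+", fields[1]) if len(fields) > 1 else []
        owners.setdefault(fields[0].lower(), set()).update(l for l in logins if l)
    return owners


def check_sender(owners, login, mail_from):
    """Return (allowed, reason); login is None for an unauthenticated client."""
    allowed = owners.get(mail_from.strip().lower())
    if login is None:
        if allowed is None:
            return True, "address has no listed owner"
        return False, "address is owned but client is not authenticated"
    if allowed is None or login not in allowed:
        return False, f"login {login!r} does not own {mail_from!r}"
    return True, f"login {login!r} owns {mail_from!r}"


if __name__ == "__main__":
    table = parse_sender_login_table(SAMPLE_TABLE)
    cases = [
        ("userA", "usera@example.test"),  # userA authenticates as himself
        ("userC", "usera@example.test"),  # userC's login with userA's address
        ("userB", "sales@example.test"),  # shared address, several owners
        (None, "usera@example.test"),     # no authentication at all
    ]
    for login, sender in cases:
        print(login, sender, check_sender(table, login, sender))
```

The decision is keyed on the login used to authenticate the mail submission; keying the same table on the desktop login instead (userC in the question) is what would disallow the situation described.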