11-09-2005 11:23 AM
How to disable elm spoofing?
From:Wally
for a user, effectively shows any email the user sends (from elm) to be from Wally whose email address is fred.flintstone@hp.com.
This has been deemed a security threat. Is there some way (elmrc, sendmail,...) where this functionality can be disabled?
11-09-2005 02:09 PM
Re: How to disable elm spoofing?
Good day to you!
Check the URL below (docID : IVKBRC00006781) about 'How to configure masquerading (site hiding)':
http://www1.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000062907049
Hope this information can help, let me know if it doesn't.
Cheers,
AW
11-10-2005 03:23 AM
Re: How to disable elm spoofing?
The link you provided has some interesting info - but I don't see how it relates to the problem I am having. I need to know how to disable the "From:" feature (in elmheaders) in elm. I would think there would be an official HP document as this is a security risk on all HP-UX systems...
BW
11-10-2005 03:59 AM
Re: How to disable elm spoofing?
However, this is all but a waste of time because the security hole (if you want to call it that) is woven into the fabric of the mail protocol itself. It is trivially easy to modify the 'From' header line at any step along the way. Remember, one could build the entire mail message by hand (or by shell script) and it would be equally compromised. I readily admit that elm makes it easier to modify the From header but closing that hole by no means transforms mail into something secure. You should also note that the "From" entry in the elmheaders file also has perfectly legitimate uses so you could be throwing out the baby with the bathwater.
What might satisfy your auditors is a cron job that scans the /home directory looking at the contents of the elmheaders files and issues a message when a suspicious entry is found.
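The cron-job scan suggested in the reply above could look like the following; this is an added example, not code from the thread or from HP. It assumes home directories sit directly under the scanned base, that elm reads `$HOME/.elm/elmheaders`, and that "suspicious" means a `From:` entry whose address does not name the owning account; the sample accounts and addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: report elmheaders files whose From:
# entry does not match the owning account.
# Assumptions: home directories are BASE/<login> (BASE defaults to /home),
# elm reads $HOME/.elm/elmheaders, and "suspicious" means a From: line whose
# address local part differs from <login> or that carries no address at all.

scan_elmheaders() {
    base=${1:-/home}
    for home in "$base"/*; do
        user=${home##*/}
        file=$home/.elm/elmheaders
        [ -f "$file" ] || continue
        # Header names are case-insensitive, so match From: in any case.
        grep -i '^[[:space:]]*from[[:space:]]*:' "$file" |
        while IFS= read -r line; do
            value=${line#*:}
            # Local part of the last address on the line, whether written
            # bare or as "Name <local@domain>"; empty if there is no "@".
            local_part=$(printf ' %s\n' "$value" |
                sed -n 's/^.*[<[:space:]]\([^<@[:space:]]*\)@.*$/\1/p')
            # A From: that names the account itself is a legitimate use.
            [ "$local_part" = "$user" ] && continue
            printf '%s: %s: %s\n' "$user" "$file" "$line"
        done
    done
    return 0
}

# Constructed sample tree so the script can be tried without touching /home.
demo() {
    tmp=${TMPDIR:-/tmp}/elmscan.$$
    mkdir -p "$tmp/bob/.elm" "$tmp/carol/.elm" "$tmp/dave" || return 1
    printf 'From:Wally\n' > "$tmp/bob/.elm/elmheaders"
    printf 'From: Carol <carol@example.com>\n' > "$tmp/carol/.elm/elmheaders"
    scan_elmheaders "$tmp"
    rm -rf "$tmp"
}

# With an argument (e.g. /home from cron) scan it; otherwise run the demo.
if [ "$#" -gt 0 ]; then
    scan_elmheaders "$1"
else
    demo
fi
```

Run from cron with the home base as its argument, it reports only the elmheaders files that exist at the moment of the scan.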
11-10-2005 05:30 AM
Re: How to disable elm spoofing?
Someone could just as easily do this via mailx, etc.
Why is this considered a security hole?
If there is ever a problem, the message-id can be traced back via the mail.log to the actual sender.
11-10-2005 10:00 AM
Re: How to disable elm spoofing?
With all the security issues surrounding spoofing, I was hoping HP had a patch or other way of disabling the feature. A cron job was talked about - but how long would it take someone to rename a file to elmheaders, send an email and delete the elmheaders file? Too quickly to catch with a cron job.
The mail.log file (even with logging level set high) does not supply the "true" sender in all cases. ctladdr gives the corresponding username for the uid, but not the loginname of the user. Thanks for your help.
11-10-2005 10:15 AM
Re: How to disable elm spoofing?
11-10-2005 11:25 AM
Re: How to disable elm spoofing?
What you can do is make sure the mail is true before it gets out to the public Internet.
With good sendmail configuration and control of what user mail tools are used you can control how the mail looks on the way out.
Command line Unix is not something everybody needs. Usually that is.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
11-11-2005 05:34 AM