Re: [hylafax-users] Routing faxes to other fax servers based on phone number

[Lee Howard <faxguy@deanox.com>]

On 2002.03.22 06:45 Joe Phillips wrote:
> 
> I wasn't only talking about the broken-ness of email-to-fax systems but
> also email as a whole.  SMTP has little to no authentication built in.
> It's a store and forward system where the relays basically accept email
> from just about any other relay, headers can be easily forged, an open
> relay is easy to configure and exploit.

Curious, do you feel, then, that SMTP AUTH is useless?  I think that open 
mail relays (although still out there) have been diminishing in number 
since SMTP servers have been changing their defaults away from that 
configuration.  Granted, nothing stops an admin from opening it up because 
"it's easier" to configure that way.

> In designing a HylaFAX least-cost-routing solution, we should be aware
> of these problems and try to learn from them.

Agreed.  Other than the hfaxd communication being in cleartext, do you 
dislike its authentication method otherwise?

> I wonder if we should consider integrating crypto into such a solution.
> Say for example, we only allow signed fax jobs to enter the network.
> Servers
> have public/private keys assigned, etc.
> 
> it can get complicated.

Yes, it can.

Lee.

____________________ HylaFAX(tm) Users Mailing List _______________________
 To unsub: mail -s unsubscribe hylafax-users-request@hylafax.org < /dev/null