TZUTC: -0400   
   MSGID: 97.fido-net_dev@1:3634/12 2305d7fd   
   REPLY: 2:280/464.47@fidonet 5ea09cfb   
   PID: Synchronet 3.18a-Linux  Apr 22 2020 GCC 7.5.0   
   TID: SBBSecho 3.10-Linux r3.160 Apr 22 2020 GCC 7.5.0   
   CHRS: ASCII 1   
   NOTE: FSEditor.js v1.103   
     Re: Pssword ord ord case insensitive or not?   
     By: Oli to Alan Ianson on Wed Apr 22 2020 21:37:31   
      
      
    Oli> I wonder why we still use packet passwords.   
      
   at one time, fidonet has had some folks that like to ""play games""... one of   
   their games was to take messages from another (adult-oriented) network,   
   replace their headers with message headers from legitimate fidonet messages,   
   and then drop those bogus messages off in unsuspecting systems inbounds...   
   they generally used someone else's node number for these injections... at that   
   time, packet passwords were not as widely used and figuring out how to get a   
   system's session password was (and still is) fairly easy to do... one of the   
   suspected goals of these pranksters(??) was to try to increase security in   
   fidonet... so the victim systems, saw the mail from a supposedly legitimate   
   link and tossed it... the result was chaos...   
      
    Oli> Why not create a inbound filebox for every node/point that calls   
    Oli> and rely on the session password?   
      
   two layers of protection are better than one... at least, that's the current   
   thought... witness today's internet logins using a password as well as an   
   authentication token sent via SMS or similar...   
      
    Oli> Is there any (open source) mailer or tosser that support inbound   
    Oli> fileboxes?   
      
   binkd supports inbound fileboxes... i'm not sure about tossers, though...   
      
   when i was using inbound fileboxes on my previous system, i had a script that   
   located inbound traffic in the inbound fileboxes and moved it to a central   
   processing directory where the tosser could find it... in addition to moving   
   the traffic, the script did some additional processing to attempt to validate   
   the traffic as being authentic before the tosser was allowed to process it...   
   the traffic was also archived for later analysis if needed... it wasn't really   
   pretty but it worked ;)   
      
      
   )\/(ark   
   --- SBBSecho 3.10-Linux   
    * Origin: SouthEast Star Mail HUB - SESTAR (1:3634/12)   
   SEEN-BY: 1/120 123 18/0 200 90/1 103/705 116/116 120/340 601 123/0   
   SEEN-BY: 123/25 50 150 160 170 755 135/300 153/7001 7715 154/10 30   
   SEEN-BY: 154/40 50 700 203/0 221/0 6 226/30 227/114 400 229/426 1014   
   SEEN-BY: 240/5832 249/206 317 261/38 280/464 5003 288/100 292/854   
   SEEN-BY: 292/8125 300/4 310/31 317/3 322/757 342/200 396/45 423/120   
   SEEN-BY: 633/280 712/848 770/1 3634/0 12 15 24 27 50 119   
   PATH: 3634/12 154/10 280/464 229/426