[Mimedefang] Custom Configuration

Ian Mitchell junk at aftermagic.com
Mon Nov 15 08:45:07 EST 2004


Nothing saying you can't have something along the lines of

127.0.0.1    RELAY

If no other IPs are listed and you have access_db feature turned on, then
that would make it so that only the MX itself would be able to relay. Now,
one thing I would think that could be potentially ugly is if any
script/CGI/program/whatever that may be running on that box had the
potential to send out emails unchecked. You might provide a nice little
proxy for some evil spam sender.

Without the From: in the line, sendmail should check the originating IP
for the connection. And iptables can be configured to drop any packets
coming in on public interfaces with a spoofed destination IP of 127.0.0.1.

> From: Alexander Dalloz <ad+lists at uni-x.org>
> Subject: Re: [Mimedefang] Custom Configuration
>
> On Fri, 12.11.2004, Yang Xiao wrote at 21:01:
>
>> In the access table
>> I added
>>
>> From:localhost.mydomain.com   RELAY
>> From:mydomain.com                 REJECT
>>
>> since this is the incoming mxhost, I don't expect any valid sender
>> from the internal domain.
>> Do you see any potential problems with this? i.e. emails generated
>> from the localhost and etc....
>
>> Yang
>
> Relaying based on FROM: (envelope sender information) is dangerous as it
> can be easily faked.
>
> Alexander
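
The distinction drawn in this thread, between RELAY entries keyed on the connecting IP and entries keyed on the envelope sender, can be checked mechanically. The following is an added example, not code from the thread or from the sendmail or MIMEDefang projects; the function names and the sample table are constructed for illustration.

```python
import re

# Constructed sample, modelled on the access-table entries quoted in this thread.
SAMPLE_ACCESS = """\
# incoming MX access table (constructed sample)
127.0.0.1                       RELAY
From:localhost.mydomain.com     RELAY
From:mydomain.com               REJECT
Connect:192.168.10              RELAY
"""

TAGS = {"connect", "from", "to", "spam"}             # access-map tags handled here
IP_KEY = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}$")    # full IPv4 address or octet prefix


def parse_access(text):
    """Yield (lineno, lhs, tag, key, action) for each entry; skip comments and blanks."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue  # malformed: key without an action
        lhs, action = parts
        tag, sep, key = lhs.partition(":")
        if not sep or tag.lower() not in TAGS:
            tag, key = "", lhs  # untagged entry
        yield lineno, lhs, tag.lower(), key, action.strip()


def classify(tag, key, action):
    """Say what a RELAY decision is keyed on."""
    if not action.upper().startswith("RELAY"):
        return "no-relay"
    if tag == "from":
        return "sender-based"       # envelope sender is whatever the client claims
    if tag == "connect" or (not tag and IP_KEY.match(key)):
        return "connection-based"   # keyed on the peer of the SMTP connection
    return "review"                 # e.g. untagged domain: check by hand


def audit(text):
    return [(n, lhs, classify(tag, key, action))
            for n, lhs, tag, key, action in parse_access(text)]


if __name__ == "__main__":
    for lineno, lhs, verdict in audit(SAMPLE_ACCESS):
        print(f"line {lineno}: {lhs:30} {verdict}")
```

Entries reported as sender-based are the ones to replace with a connection-based rule; a loopback entry still lets anything running on the MX itself relay.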




