On Tue, 16 Apr 2002 Alexander.O'[EMAIL PROTECTED] wrote:
>
> No one has mentioned restricting the commands on the server like VRFY and
> HELP etc... If you cant verify a name on the server then the person who is
> faking emails from your server will have a harder time of sending emails
> from your server.
>
> One of the main problems I have seen with mail servers is that people leave
> them wide open to be used as a mail relay, one way to help reduce this is
> to use your ISPs mail servers as the entry and exit point for mail. This
> way you only need to set your mail server or firewall to allow SMTP
> connections to your mail server from their mail server thus reducing the
> chance of having your mail sever being used to send spam mail. Also I
> strongly advise you turn relaying of on you mail server as this will get
> rid of a lot of the fake emails being sent from your server, but if you can
> don the above this should stop the problem anyway.
Not all ISP's have a clue, and the clueless number with open relays
increases in a market whence no one wants to pay the cost of maintaining
skilled personell. This is further mitigated at those sites whence new
equipments is placed into service over older stuff that might have been
properly confiured earlier by the skilled folks let go.
The key here is do not trust others to maintain your configurations and do
your job for you. Do it yourself, then you are sure it's done right.
Thanks,
Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
