On Thu, Jun 28, 2001 at 04:51:21PM +0100, James Powell wrote:
> What do people do here to send SMTP through their remote boxes but prevent
> them from becoming open relays (besides fixed IP, which is beyond me ATM)?
I don't do this, but some mailers now have a TLSv1 extension, which allows
you to go crypted after the initial EHLO command. By doing this, you can
allow specific client certificates through in terms of relaying. This is
fairly easy in exim. There's also an exim patch by Martin Keegan to allow
for any cert signed by a given cert, so that all you have to do is sign
the certificate to allow it to relay, rather than having to add it into
the config.
Alternatives are POP before SMTP, ssh tunnelling of the SMTP traffic,
SMTP AUTH (preferably with a CRAM-MD5 auth).
MBM
--
Matthew Byng-Maddick <[EMAIL PROTECTED]> http://colondot.net/
