Nothing saying you can't have something along the lines of 127.0.0.1 RELAY
If no other IP's are listed and you have access_db feature turned on, then that would make is so that only the MX itself would be able to relay. Now, one thing I would think that could be potentially ugly is if any script/CGI/program/whatever that may be running on that box had the potential to send out emails unchecked. You might provide a nice little proxy for some evil spam sender. Without the From: in the line, sendmail should check the originating IP for the connection. And iptables can be configured to drop any packets coming in on public interfaces with a destination IP spoofed of 127.0.0.1. > From: Alexander Dalloz <[EMAIL PROTECTED]> > Subject: Re: [Mimedefang] Custom Configuration > > Am Fr, den 12.11.2004 schrieb Yang Xiao um 21:01: > >> In the access table >> I added >> >> From:localhost.mydomain.com RELAY >> From:mydomain.com REJECT >> >> since this is the incoming mxhost, I don't expect any valid sender >> from the internal domain. >> Do you see any potential problems with this? i.e. emails generated >> from the localhost and etc.... > >> Yang > > Relaying based on FROM: (envelope sender information) is dangerous as it > can be easily faked. > > Alexander _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang