+ Scott Gifford <[EMAIL PROTECTED]> [05.04.02 22:53]:
> Henning Brauer <[EMAIL PROTECTED]> writes:
>
> > So the rule would be "accept and deliver all mail for domains with an MX
> > pointing to me".
> > That's insane and fscking insecure.
>
> What's insecure about it, as long as any mail that comes this way is
> always delivered locally (which seemed to be what Ed wanted), and
> never relayed to another server?
That depends on your view of "secure" - just a simple example:
Think of a broadwing-dialin user who is thinking that your mailserver is
an open relay. He would immediately start using your machine as relay to
send out billions of mails to thousands of domains. And you would take
them all as local ones.
Happy cleaning then :)
Only solution would be an MX checking - which might be forged too.
Balu
PS: broadwing-dialin users won't recognize that your mailserver does not
send the mails on. The SPAMmers from there were trying to abuse our
servers for quite some time - not recognizing that all mails got
rejected with relaying denied. I didn't have the time to set up a
tarpit, so I am blocking the complete broadwing dialin-block by now...
