On Fri, Apr 05, 2002 at 03:39:23PM -0500, Scott Gifford wrote: > Henning Brauer <[EMAIL PROTECTED]> writes: > > On Fri, Apr 05, 2002 at 03:09:38PM -0500, Ed Abrams wrote: > > > My problem: We are working with domain name registrars. When a user > > > registers his domain with one of our partners, that partner will create an > > > MX record for that new domain, and that MX record will point to our email > > > server. [without notifying you] > > So the rule would be "accept and deliver all mail for domains with an MX > > pointing to me". > > That's insane and fscking insecure. > What's insecure about it, as long as any mail that comes this way is > always delivered locally (which seemed to be what Ed wanted), and > never relayed to another server?
okay, the real question is what happens afterwards with the mail. having the domain in locals and rcpthosts is not enough as we all know. As you did not mention that I guess there is some kind of program delivery, and with this in mind (specifically, I had an autocreated mailbox with webmail access in mind), everybody can (ab)use your service by just adding MX entries to whatever domain. -- | Henning Brauer | PGP-Key: http://misc.bsws.de/hb/pubkey.asc | BS Web Services | Roedingsmarkt 14, 20459 Hamburg, DE | http://bsws.de Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
