Hi,
I'm trying to get tcpserver working to check access based on domain names, I
particulary want to use this in combination with pop-3.
I used the following pop.filter
.mydomain.com:allow
123.123.123.1:allow
123.123.123.2:allow
127.:allow
:deny
with the following startup line:
tcpserver -v -a
'qmail maillist'
> Subject: tcpserver control on domain name
>
> Hi,
>
> I'm trying to get tcpserver working to check access based on domain names,
> I particulary want to use this in combination with pop-3.
> I used the following pop.filter
> .mydomain
PROTECTED]]
Sent: Thursday, May 06, 1999 12:10 PM
To: 'qmail maillist'; 'Bart van Kaathoven (DSN)'
Subject: RE: tcpserver control on domain name
tcpserver rules only work on ip basis, so change the .mydomain.com to your
range of ip adresses and everthing should wor
On Thu, May 06, 1999 at 12:15:16PM +0200, Bart van Kaathoven (DSN) wrote:
> Hi,
>
> The problem however is that mydomain.com contains a LOT of ip-ranges which
> makes it unrealistic to add all the ip-ranges. Previously when using
> tcpserver 0.50 there was a patch which allowed dns-based access c
> If someone controlled the reverse mapping for a range of IP addresses and
knew
> your domain name, he could make one of his addresses reverse map to a name
in
> your domain and gain access you don't want him to have.
You can compare the forwards and reverse nameservice to make sure that they
ar
Chris Johnson writes:
> There's no security in using domain names for access control, since reverse
> mapping of names can be spoofed easily.
Otoh, you *can* use them for denial control, since nobody is going to
go out of their way to deny themselves service.
--
-russ nelson <[EMAIL PROTECTED
EMAIL PROTECTED]]
Sent: Thursday, May 06, 1999 2:53 PM
To: Chris Johnson; Bart van Kaathoven (DSN)
Cc: 'qmail maillist'
Subject: Re: tcpserver control on domain name
> If someone controlled the reverse mapping for a range of IP addresses and
knew
> your domain name, he could make
