On 12/17/2010 9:28 AM, Jason Bertoch wrote:
On 2010/12/17 12:19 PM, Ted Mittelstaedt wrote:
why are you using authenticated SMTP from trusted networks?
The whole point of auth smtp is to come from UN-trusted networks.
In the OP's case, his authenticating server is separate from his SA
server. In any case, the server indicating authentication (localhost or
otherwise) should be a trusted server, else you don't trust the
authentication.
auth-smtp is only a speedbump to the spammers, it blocks the
dumb ones. A sophisticated spammer can hijack a machine and use
it's authenticated SMTP connection to it's mailserver to send
spam. I never trust the authentication.
If your
authentication server is relaying for spammers, you've got an entirely
different problem.
No, not really. You as an administrator cannot control what your users
do and if your users save their authenticated SMTP passwords into their
e-mail clients then later allow their machines to be cracked, then the
crackers get the auth password and away they go.
As I said, that is a different problem. Feel free not to use smtp-auth,
or require VPN first, or whatever makes you happy.
Depends on what your users need. You apparently have savvy ones so
you have gotten soft. I have ignorant ones so I trust nobody.
Ted
