From: Terry Lambert
Reply-To: tlambert2@mindspring.com
Date: Thu, 06 Sep 2001 12:58:49 -0700
To: Igor Podlesny
Cc: Gregory Neil Shapiro, freebsd-isp@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: auto relaying for subdomains -- why?
Message-ID: <3B97D579.921CBCE9@mindspring.com>

Igor Podlesny wrote:
> Yes, I saw this info here:
> http://www.sendmail.org/m4/features.html#relay_mail_from but most
> valuable part of my question was about the purpose or the idea behind
> this, cause it's not too clear to me why allowing relaying for domain
> FOO.BAR should allow relaying for SUB.FOO.BAR? I mentioned RFCs
> because I had a hope to find out the answer from it but still haven't
> yet...

Whose account name at your customer's site are you going to intentionally render unintelligible, and force them to change their business cards and stationery?

Alternately, why wouldn't they just say "screw you", and set their masquerade features to make all the machines lie and say they were sending from the domain?

What are you trying to accomplish by prohibiting some machines legitimately in a delegated subdomain (for which account and other authority has been vested in someone other than the main site administrator, such as a departmental administrator) from sending legitimate email?

Why do you want them to have to jump through hoops in order to be able to send email which they will ultimately jump through the hoops -- and send through your relay anyway?

What possible legitimate purpose is served by letting send email, but prohibiting from sending mail?

I suspect that you are more concerned with having only a single MAIL_HUB relaying email through you, rather than actually prohibiting people from using delegated subdomains.

If so, then your problem is because you are trying to use the wrong tool to accomplish your task: do not use domain naming to try to control relaying, or people will simply spoof their source addresses, and relay an incredible amount of SPAM through your mail relays, since they will leak like a sieve.

Also note: even if you prohibit outbound, you _can't_ do the same for inbound, without prohibiting delegation of subdomains. This would be like me insisting that you not use the email address , because at the top level, I will only allow relaying for , since "morning.ru" is a delegation from "ru".

In other words, if you are trying to solve a problem, tell us the problem, don't ask us how to implement your proposed answer to a secret problem you won't share with us.

-- Terry
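
The point about controlling relaying by domain name, as an added example that is not part of the original message: a simplified Python model (not sendmail's own logic) that compares a relay check keyed on the claimed envelope sender domain with one keyed on the connecting address. The domain foo.example, the networks, the function names and the sample sessions are all constructed for illustration.

```python
import ipaddress

# Constructed policy data (assumptions, not taken from the message above).
RELAY_DOMAINS = {"foo.example"}
RELAY_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]

# Constructed SMTP sessions: connecting address plus claimed envelope sender.
SESSIONS = {
    "mail hub":         ("192.0.2.10",   "alice@foo.example"),
    "delegated subdom": ("192.0.2.77",   "bob@dept.foo.example"),
    "spoofed outsider": ("203.0.113.50", "carol@dept.foo.example"),
    "lookalike domain": ("203.0.113.50", "dave@notfoo.example"),
    "honest outsider":  ("203.0.113.50", "erin@other.example"),
}

def domain_allowed(host):
    """True if host is an allowed domain or any subdomain of one."""
    host = host.lower().rstrip(".")
    # Compare on a label boundary so notfoo.example does not match foo.example.
    return any(host == d or host.endswith("." + d) for d in RELAY_DOMAINS)

def relay_by_sender_domain(client_ip, mail_from):
    """Policy A: decide from the domain the client claims in MAIL FROM."""
    local, sep, domain = mail_from.rpartition("@")
    return bool(sep) and domain_allowed(domain)

def relay_by_client_address(client_ip, mail_from):
    """Policy B: decide from the connecting address; the claimed sender is ignored."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in RELAY_NETWORKS)

def evaluate():
    """Return {session name: (policy A verdict, policy B verdict)}."""
    return {name: (relay_by_sender_domain(*s), relay_by_client_address(*s))
            for name, s in SESSIONS.items()}

if __name__ == "__main__":
    for name, (a, b) in evaluate().items():
        print(f"{name:18} sender-domain={a!s:5} client-address={b}")
```

Both policies accept the hub and the delegated subdomain host; only the address-based policy refuses the session that merely claims a sender in dept.foo.example from an outside address.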