Date: Fri, 18 May 2001 15:01:47 -0400 (EDT) From: Rob Simmons <rsimmons@wlcg.com> To: Olivier Nicole <Olivier.Nicole@ait.ac.th> Cc: huacheng@public.guangzhou.gd.cn, freebsd-security@FreeBSD.ORG Subject: Re: AUTH and sendmail Message-ID: <Pine.BSF.4.21.0105181458340.52790-100000@mail.wlcg.com> In-Reply-To: <200105181518.WAA12362@bazooka.cs.ait.ac.th>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160 If you have a firewall, it should be setup to block internal IPs coming in through the external interface. If you also only allow port 25 on your mx servers, it is safe to put all your internal IPs in /etc/mail/access as open relays. Spammers wouldn't be able to spoof one of your internal IPs since the firewall would drop it. Robert Simmons Systems Administrator http://www.wlcg.com/ On Fri, 18 May 2001, Olivier Nicole wrote: > Hi, > > Funny enough I worked on that last week and finished buddling a web > age for my users today (http://www.cs.ait.ac.th/laboratory/email/) > > I use poprelayd, from http://poprelay.sourceforge.net (with some > little modif) that is a perl script that reads /var/log/maillog (it > goes fine with the newsyslog) and extract pop/imap authetication > information. > > The it adds a temporary open relay for the client IP in a table, for > 15 minutes, as mail prgram typically check email every 10 minutes, > relay is open as long as the mail program is running. There could be a > 15 minutes window where someone else could connect using the same IP > and could use your email server as an open relay... risk is very > unlikely. > > Advantage: it working with plain pop or imap, so basically any client. > > Olivier > > > we found use 4.3freebsd sendmail default setup is a safer choice for our > > mailserver. But we have many staff outside want to access our mailserver by > > dialup, but with default sendmail conf they can't relay the mail they sent > > when they stay outside. (use pop3 receive mail not problem), now we > > advise staff outsite use our mailserver receive mail but use local ISP's > > mailserver send mail. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7BXGfv8Bofna59hYRA3nbAJ4lvskjb2PF0k/cEz1yHoNVPGqJBACfSzSq FBXFcUy9ouV0ghH0rVdEKi0= =8cBp -----END PGP SIGNATURE----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0105181458340.52790-100000>