From owner-freebsd-questions@FreeBSD.ORG  Sun Mar 24 16:14:44 2013
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by hub.freebsd.org (Postfix) with ESMTP id 26EFAED8
 for <freebsd-questions@freebsd.org>; Sun, 24 Mar 2013 16:14:44 +0000 (UTC)
 (envelope-from feenberg@nber.org)
Received: from mail2.nber.org (mail2.nber.org [66.251.72.79])
 by mx1.freebsd.org (Postfix) with ESMTP id CE1592A6
 for <freebsd-questions@freebsd.org>; Sun, 24 Mar 2013 16:14:43 +0000 (UTC)
Received: from nber6 (nber6.nber.org [66.251.72.76])
 by mail2.nber.org (8.14.4/8.14.4) with ESMTP id r2OGEZj9012632;
 Sun, 24 Mar 2013 12:14:36 -0400 (EDT)
 (envelope-from feenberg@nber.org)
Date: Sun, 24 Mar 2013 12:01:11 -0400 (EDT)
From: Daniel Feenberg <feenberg@nber.org>
X-X-Sender: feenberg@nber6
To: Doug Hardie <bc979@lafn.org>
Subject: Re: Client Authentication
In-Reply-To: <8680FAB3-4943-4F91-935B-E11511C3FD4E@lafn.org>
Message-ID: <Pine.GSO.4.64.1303241157190.22196@nber6>
References: <B2DC7342-9F1A-489A-94F0-49802B1E5DF6@lafn.org>
 <CAOgwaMvu+OC4PiPfNNwoj7aB+631Nt_=SwjFG9y89+avB6Mp9Q@mail.gmail.com>
 <8680FAB3-4943-4F91-935B-E11511C3FD4E@lafn.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
X-Anti-Virus: Kaspersky Anti-Virus for Linux Mail Server 5.6.39/RELEASE,
 bases: 20130324 #9781581, check: 20130324 clean
Cc: "freebsd-questions@freebsd.org List" <freebsd-questions@freebsd.org>
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Mar 2013 16:14:44 -0000



On Sat, 23 Mar 2013, Doug Hardie wrote:

>
> On 23 March 2013, at 21:51, Mehmet Erol Sanliturk <m.e.sanliturk@gmail.com> wrote:
>
>>
>> Using Static IP in the client side , and checking Static IP of the user 
>> may be a possibility : In that way , any message from another IP will 
>> not be accepted .
>>
>> If this is possible for your systems , it may be checked for usability 
>> .
>>
>> One difficulty is that each user should obtain a Static IP and can not 
>> connect to his/her ISP from another IP .
>>
>> Good side is that nobody can connect to ISP of the user from another IP 
>> : It supplies hardware security ( we are assuming that the user 
>> computer is not captured ) ..
>
> That is an interesting idea, but unfortunately our users tend to travel 
> a lot and need to be able to access mail from anywhere.  Also, static 
> IPs can get quite expensive from some ISPs.  Our users are pretty much 
> on fixed incomes and any expense is a hardship for them.

Can you filter outgoing mail with Spamassassin? How about refusing to 
relay mail from addresses in a good DNSBL? Do you rate-limit outgoing
mail? Can you just refuse to relay mail from other continents, using
a geolocation service?

daniel feenberg

>
> -- Doug
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>