Date: Wed, 5 Sep 2001 18:19:31 +0300 From: Giorgos Keramidas <charon@labs.gr> To: Igor Podlesny <poige@morning.ru> Cc: freebsd-isp@FreeBSD.ORG Subject: Re: auto relaying for subdomains -- why? Message-ID: <20010905181931.A436@hades.hell.gr> In-Reply-To: <16615694707.20010905210719@morning.ru>; from poige@morning.ru on Wed, Sep 05, 2001 at 09:07:19PM %2B0800 References: <16615694707.20010905210719@morning.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
[ Removed -hackers from Cc: header. Please do not cross-post. ] From: Igor Podlesny <poige@morning.ru> Subject: auto relaying for subdomains -- why? Date: Wed, Sep 05, 2001 at 09:07:19PM +0800 > My greetings! > > I noticed that some mailers (sendmail, postfix) in case they allow > relaying for somedomain.zone also allow relaying for > subdomain-of.somedomain.zone. > > I can accept this as reasonable behavior but would like to know how to > deny it! :) Also I wish to know what was the actual idea behind this? You mean like relaying based on envelope-from address? I think that this is *not* the default on most MTA installations. But then again, I might be mistaken for the specific MTA you have in mind. Yes, some mailers to have this feature. And you can usually get them to allow relaying from "domain.com", while also deny relaying from ".domain.com" at the same time. This will probably answer your questions, and you'll live happily ever-after. If you want to know how this is done in a specific MTA (sendmail or postfix, that you mentioned) you can always ask at questions@freebsd.org a more specific question. You will most certainly get rather informatice answers :-) Relaying based on envelope-addresses though is VERY dangerous, since that can be faked. A much safer ruleset for relaying would be based on envelope-to (i.e. the recipient is one that belongs to a local domain) on IP-address range (i.e. the sender is on one of the IP's that belong to the local network). In the first case, you are most likely the recipient of the message (it will be delivered to a local and/or virtual address). You dont want to 'lose' mail because it was blocked (unless of course some spam-filter catches the offending post, a bit further down its way, before it reaches a mailbox). In the second case, the sender of the message has to be one that comes from a well-known address. This way only certain hosts can relay through you, and all others are blocked. You dont want some silly spammer@from.a.random.domain to be able to fake his envelope-from and relay mail through your server now, do you? -giorgos To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010905181931.A436>