From owner-freebsd-isp Wed Sep 5 11: 2:27 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mailsrv.otenet.gr (mailsrv.otenet.gr [195.170.0.5]) by hub.freebsd.org (Postfix) with ESMTP id 0C18837B405 for ; Wed, 5 Sep 2001 11:02:23 -0700 (PDT) Received: from hades.hell.gr (patr530-b030.otenet.gr [195.167.121.158]) by mailsrv.otenet.gr (8.11.5/8.11.5) with ESMTP id f85I2G719830; Wed, 5 Sep 2001 21:02:16 +0300 (EEST) Received: (from charon@localhost) by hades.hell.gr (8.11.6/8.11.6) id f85FJVV00690; Wed, 5 Sep 2001 18:19:31 +0300 (EEST) (envelope-from charon@labs.gr) Date: Wed, 5 Sep 2001 18:19:31 +0300 From: Giorgos Keramidas To: Igor Podlesny Cc: freebsd-isp@FreeBSD.ORG Subject: Re: auto relaying for subdomains -- why? Message-ID: <20010905181931.A436@hades.hell.gr> References: <16615694707.20010905210719@morning.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <16615694707.20010905210719@morning.ru>; from poige@morning.ru on Wed, Sep 05, 2001 at 09:07:19PM +0800 X-PGP-Fingerprint: 3A 75 52 EB F1 58 56 0D - C5 B8 21 B6 1B 5E 4A C2 X-URL: http://students.ceid.upatras.gr/~keramida/index.html Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org [ Removed -hackers from Cc: header. Please do not cross-post. ] From: Igor Podlesny Subject: auto relaying for subdomains -- why? Date: Wed, Sep 05, 2001 at 09:07:19PM +0800 > My greetings! > > I noticed that some mailers (sendmail, postfix) in case they allow > relaying for somedomain.zone also allow relaying for > subdomain-of.somedomain.zone. > > I can accept this as reasonable behavior but would like to know how to > deny it! :) Also I wish to know what was the actual idea behind this? You mean like relaying based on envelope-from address? I think that this is *not* the default on most MTA installations. But then again, I might be mistaken for the specific MTA you have in mind. Yes, some mailers to have this feature. And you can usually get them to allow relaying from "domain.com", while also deny relaying from ".domain.com" at the same time. This will probably answer your questions, and you'll live happily ever-after. If you want to know how this is done in a specific MTA (sendmail or postfix, that you mentioned) you can always ask at questions@freebsd.org a more specific question. You will most certainly get rather informatice answers :-) Relaying based on envelope-addresses though is VERY dangerous, since that can be faked. A much safer ruleset for relaying would be based on envelope-to (i.e. the recipient is one that belongs to a local domain) on IP-address range (i.e. the sender is on one of the IP's that belong to the local network). In the first case, you are most likely the recipient of the message (it will be delivered to a local and/or virtual address). You dont want to 'lose' mail because it was blocked (unless of course some spam-filter catches the offending post, a bit further down its way, before it reaches a mailbox). In the second case, the sender of the message has to be one that comes from a well-known address. This way only certain hosts can relay through you, and all others are blocked. You dont want some silly spammer@from.a.random.domain to be able to fake his envelope-from and relay mail through your server now, do you? -giorgos To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message