Date: Tue, 22 Jan 2002 11:18:16 -0500 From: Chris Thomas <resopmok@gramsc1.dyndns.org> To: freebsd-security@freebsd.org Cc: "Asep Ruspeni" <asepruspeni@yahoo.com> Subject: Re: relaying mail from DHCP clients Message-ID: <20020122111816.5e70b6ff.resopmok@gramsc1.dyndns.org> In-Reply-To: <20020122112913.N58243@heresy.dreamflow.nl> References: <20020122101115.P25912-100000@camelia.dnt.ro> <002701c1a328$9aac7fa0$2e020a0a@mti.itb.ac.id> <20020122112913.N58243@heresy.dreamflow.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
as i recall, FEATURE(accept_unresolvable_domains) does not have anything to do with relaying mail, but accepting mail (i.e., it will allow a mail from user@this.name.does.not.resolve to be received to the mail server. also useful for running mail in self-contained LANs that have no internal DNS.) this part of the discussion is where security actually comes into play, and is useful to have on a semi-infrequent basis.. in order for clients to use your SMTP server to relay mail, either their IPs or names must be listed in /etc/mail/access (with the database rehashed). this means one of the following 3 things needs to be done: 1) add the specific IP of your client to /etc/mail/access 2) use an open relay, so anyone can relay with your server (very unwise) 3) use pop3 before relay authentication. it is wise to only allow clients from inside your LAN to relay mail, preventing your server from being used as a relay by spammers (note that you can specify an IP range in /etc/mail/access). open mail relays are a problem, and they can get you blacklisted fairly easily (www.ordb.org). pop3 authentication is a viable solution, but can be somewhat difficult to ipmlement with sendmail. -chris On Tue, 22 Jan 2002 11:29:13 +0100 Bart Matthaei <bart@dreamflow.nl> wrote about Re: relaying mail from DHCP clients: ||On Tue, Jan 22, 2002 at 04:38:44PM +0700, Asep Ruspeni wrote: ||> any further suggestions? || ||Did you try the suggestion i made ? || ||FEATURE(accept_unresolvable_domains) (see my first mail on the ||subject) || ||As far as I know, it's a config option for sendmail to deny relaying ||for unresolved ip's. Try looking trough the FAQ at sendmail.org. || ||Regards, || ||Bart Matthaei || ||-- ||Bart Matthaei bart@dreamflow.nl || ||Young Urban Professional In short: YUP || ||"The whacky morning DJ says democracy's a joke" || To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020122111816.5e70b6ff.resopmok>