Re: several messages

Author: Philip Hazel
Date:  
To: Neal Becker, Nigel Metheringham
Cc: exim-users, Neal Becker
Old topics: Re: feature request
Subject: Re: several messages
On Tue, 12 Mar 1996, Neal Becker wrote:

> I have a proposal for a feature. If no_middleman is turned on, we
> won't act as a middleman for mail. Specifically, we will only accept
> mail if either the sender or the recipient is within some set of
> domains. This could be used to prevent abuse of our mail gateway.
> Specifically, we would not accept mail that neither originates in our
> domain nor terminates in our domain (or some configurable set of
> domains).
>


On Tue, 12 Mar 1996, Nigel Metheringham wrote:

> allowing of course for forwarded mail, and for mail effectively
> forwarded by a smartuser configuration....


The check could be applied to the original incoming addresses, i.e. you
refuse if MAIL FROM does not contain one of the acceptable domains and
there is at least one RCPT TO that doesn't contain an acceptable domain.
Perhaps, if MAIL FROM is unacceptable, you bounce just those RCPT TO's
that are unacceptable. In other words

(a) If MAIL FROM is acceptable, don't check RCPT TO;
(b) Otherwise, accept only acceptable RCPT TOs.

The default set of domains to check would naturally be local_domains,
but there could be additional accept/reject lists.

Of course, if you were serious about this, you would also have to turn
off the "percent hack" facility, as otherwise mail to

    user%foreign.domain@???


would get through. There is already an option (percent_hack_domains) to
do this. However, the RFC 822 syntax

    @local.domain:user@???


would get through if only the immediate first domain were checked. Hmm.
I suppose the check has to be on the final domain.

This facility still does not stop some evil person out there in the
world telnetting to your SMTP daemon and typing:

MAIL FROM: Neal.Becker@???
RCPT TO: <any address in the world>

but it might help to stop some of the more obvious abuses such as
sending genuine mail via your mail systems.

[We too have had the occasional abuse of our systems in this way, but
nothing serious. One user in Oxford was found to be routing all mail
from his workstation via our machine "because here in Oxford they won't
give me mail access"...]



--
Philip Hazel                   University Computing Service,
ph10@???             New Museums Site, Cambridge CB2 3QG,
P.Hazel@???          England.  Phone: +44 1223 334714
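
Added example (not part of the original message, and not Exim code): a sketch of rules (a) and (b) above, with the check made on the final domain after resolving an RFC 822 source route and the percent hack. It goes slightly beyond the message by modelling the percent hack as enabled for a set of domains; the function names and the example.* domains are assumptions constructed for illustration.

```python
# Added illustration of the relay check discussed above; names and sample
# domains are hypothetical, not taken from Exim.

def final_domain(address, percent_hack_domains=frozenset()):
    """Return the domain the address would finally be routed to."""
    addr = address.strip().strip("<>").lower()
    # RFC 822 source route: "@relay1,@relay2:user@final" -> "user@final"
    if addr.startswith("@") and ":" in addr:
        addr = addr.split(":", 1)[1]
    local, _, domain = addr.rpartition("@")
    # Percent hack: "user%foreign@local" is re-routed to "user@foreign"
    # for as long as the right-hand domain has the hack enabled.
    while domain in percent_hack_domains and "%" in local:
        local, _, domain = local.rpartition("%")
    return domain


def relay_check(mail_from, rcpt_tos, acceptable,
                percent_hack_domains=frozenset()):
    """Apply rules (a) and (b); return (accepted, refused) recipients."""
    def ok(addr):
        return final_domain(addr, percent_hack_domains) in acceptable

    if ok(mail_from):            # rule (a): acceptable sender, no RCPT check
        return list(rcpt_tos), []
    accepted = [r for r in rcpt_tos if ok(r)]        # rule (b)
    refused = [r for r in rcpt_tos if not ok(r)]
    return accepted, refused


# Constructed sample data.
LOCAL = frozenset({"example.org"})
RCPTS = [
    "alice@example.org",              # genuinely local
    "bob@example.com",                # plain foreign address
    "bob%example.com@example.org",    # percent hack via a local domain
    "@example.org:bob@example.com",   # source route via a local domain
]

if __name__ == "__main__":
    # Foreign sender: only the genuinely local recipient is accepted.
    print(relay_check("carol@example.net", RCPTS, LOCAL, LOCAL))
    # A MAIL FROM that merely claims a local domain passes rule (a).
    print(relay_check("someone@example.org", RCPTS, LOCAL, LOCAL))
```

Checking only the first domain would accept the last two recipients; with the percent hack not enabled for example.org, the third is treated as a local address rather than relayed.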