On Wed, 13 Mar 1996, John Henders wrote:
> Philip Hazel writes:
> >
> > This facility still does not stop some evil person out there in the
> > world telnetting to your SMTP daemon and typing:
> >
> > MAIL FROM: Neal.Becker@???
> > RCPT TO: <any address in the world>
> >
>
> Why can't this be stopped, though? If <any address in the world> is not
> a local address, or part of a list of domains we want to accept and
> forward mail to, I don't see it as that difficult a test, and I can't
In that case you are effectively not doing any check on MAIL FROM. That
is an obvious possibility.
> see any major problem it would cause. Local outgoing mail typically
> wouldn't be a problem, as either it originates from the local machine
> through a different mechanism,
Not always. Netscape sends mail by connecting to 127.0.0.1, I discovered
the other day.
> or, it originates from domains we can
Do you mean "hosts" rather than domains?
> As we already have a (relatively) valid identification of connecting
> machines, it seems that some fairly basic rules could be put in place to
> stop this.
I will think about suitably flexible rules that will cope with a number
of different requirements. But not till the middle of April, I'm afraid.
> One question. When a mailer from offsite has a piece of mail to deliver
> to a user on your site, and that user is one of several hundred entries
> on the To: line, does the offsite mailer deliver it to your mailer and
> expect your mailer to deliver it to the other entries on the To: line,
> or does it just enter a RCPT TO: your_local_user?
The latter, if it is behaving properly. Otherwise the message would
travel through several hundred machines before it got to the final
recipient.
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714