Re: Prevention of relaying offsite.

Author: Jon Morby
Date:  
To: Philip Hazel
CC: Chris Thompson, woods, exim-users
Subject: Re: Prevention of relaying offsite.

So long as we can say "we know we are an MX for these sites".

I've found that a few people have added relay-x.mail.fido.net as an MX for
their domain, and I knew nothing about it.

I'm currently refusing to relay mail for domains that I don't know about:

sender_host_accept_relay    = partial-dbm;/usr/exim/cf/db/mx_hosts


where mx_hosts contains a list of routing info, and doubles as a list of
domains I know about ...

*.z1.fidonet.org mail-relay.fidouk.org. bydns_a
*.z2.fidonet.org mail-relay.fidouk.org. bydns_a
*.z3.fidonet.org mail-relay.fidouk.org. bydns_a
*.z4.fidonet.org mail-relay.fidouk.org. bydns_a
*.z5.fidonet.org mail-relay.fidouk.org. bydns_a
*.z6.fidonet.org mail-relay.fidouk.org. bydns_a
*.bbs.fidouk.org mail-relay.fidouk.org. bydns_a
#
# Machines I'm secondary for
#
*.fidouk.org            $domain                 bydns_a
*.mental.org            kfs.org.                bydns_a
*.4.4.tpc.int           fax-gw.demon.net.       bydns_mx
*.bofh.org              $domain                 bydns_mx
*.insecure.net          $domain                 bydns_mx
*.womble.org            $domain                 bydns_mx
*.apathy.org            $domain                 bydns_mx
*.fastfacts.com         $domain                 bydns_mx
#
# Machines which I'm primary for
#
*.fido.net              $domain                 bydns_a
*.wms.co.uk             $domain                 bydns_a


So long as I can continue to do this I'll be a happy bunny :)

(Just in case this is actually a fluke and not in as a design feature)

> On Wed, 14 May 1997, Chris Thompson wrote:
>
> > This was my initial reaction too, but there are different reasons sites
> > want to control relaying. Greg's mechanism is perfectly adequate for
> > preventing spammers using you as a relay site to bombard the whole world
> > from (with the result that you get put on everyone's hate list as well).
> > If a recipient domain surreptitiously creates an MX record pointing to
> > you, they certainly can't complain about you relaying mail to them!
>
> OK, point taken. As it happens, a bit of work I did a few days ago
> should make it fairly trivial to implement "permit_relay_if_we_are_MX".
> Idea noted.
>
> -- 
> Philip Hazel                   University Computing Service,
> ph10@???             New Museums Site, Cambridge CB2 3QG,
> P.Hazel@???          England.  Phone: +44 1223 334714

>
>

-- 
Jon Morby                                  mail: jon@???
Fidonet/Internet Gateway                   http: www.fido.net
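
Added example, not part of the message above and not Exim's own code: a Python model of the policy Jon describes, where relaying is accepted only when the recipient domain matches an entry in the known-domains list, so a domain that merely points an MX record at the host is refused. The key order follows the partial- lookup described in Exim's documentation (exact key, then `*.` prepended, then leading components removed, keeping at least two); that the 1997 release behaved identically, the `$domain` expansion, and the function names are assumptions.

```python
# Constructed sample: a few entries copied from the mx_hosts list in the message.
MX_HOSTS = """\
*.z2.fidonet.org mail-relay.fidouk.org. bydns_a
#
# Machines I'm secondary for
#
*.mental.org             kfs.org.                bydns_a
*.bofh.org               $domain                 bydns_mx
*.fido.net               $domain                 bydns_a
"""

def parse_mx_hosts(text):
    """Return {pattern: (route_host, lookup_type)}, skipping comments and blanks."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"malformed entry: {line!r}")
        pattern, host, how = fields
        table[pattern.lower()] = (host, how)
    return table

def partial_keys(domain, min_components=2):
    """Keys tried in order: exact, '*.' + domain, then with leading labels removed."""
    domain = domain.lower().rstrip(".")
    yield domain
    labels = domain.split(".")
    for i in range(len(labels)):
        rest = labels[i:]
        if len(rest) < min_components:  # never fall back to something like '*.org'
            break
        yield "*." + ".".join(rest)

def relay_decision(table, rcpt_domain):
    """Return (True, route_host, lookup_type) for a known domain, else (False, None, None)."""
    for key in partial_keys(rcpt_domain):
        if key in table:
            host, how = table[key]
            if host == "$domain":  # assumed to expand to the recipient domain
                host = rcpt_domain.lower().rstrip(".")
            return True, host, how
    return False, None, None  # unknown domain: refuse, even if its MX points here

if __name__ == "__main__":
    table = parse_mx_hosts(MX_HOSTS)
    for d in ("node5.z2.fidonet.org", "fido.net", "unlisted-customer.example"):
        print(d, relay_decision(table, d))
```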