Re: anti-relaying

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MM+\Dom Mitchell at <-
MMMMGreg A. Woods at ->
Delete this message
Reply to this message
Author: Dom Mitchell
Date:  
To: welty
CC: Philip Hazel, exim-users
Subject: Re: anti-relaying
"Richard Welty" wrote:
> Philip Hazel <ph10@???> writes:
>
> > > sender_host_reject_relay = "*"
>
> > I will at the very least put that in commented out, with explanatory
> > text. If there is lots of support on the list for not commenting it out,
> > I will leave it uncommented.
>
> i think that with the current climate on the net, it is important for
> any mailer to be shipped with relay turned off. the spammers are
> getting pretty agressive about hunting down unprotected MX hosts now
> and it's getting _very_ ugly out there.
>
> the specific reason i switched to exim in the first place was the
> spam control; i think that a lot of those who have recently switched
> did it for that reason.

I agree. But there are also valid reasons for turning it off, too.
I think that having it off as the default is the way to go, but
even in the default config file with a size 10 warning is a start.
At the very least it can give you reference to the correct section
of the documentation (which I am sure that the size of discourages
some weak people from reading it :).

> > Personally, I feel that reverse-looking up every message that arrives is
> > a waste of net resources, which is why it isn't the default. But again,
> > I'm happy to put something in that is commented out.
>
> i think that having the ip address up there is good enough; we can
> always do the lookup manually if a message attracts our attention.

It's more a way of pointing out an obvious forgery to a user who
looks at headers. I've seen a number of cases of people not
bothering to check the IP address in a Received header, because it
"looks alright" and ending up mailing the wrong person. I know
which IP address ranges look right for demon dialups, but chances
our most of our users or the rest of the Internet don't.

I agree with Phil on this one that it can generate a significant
a significant amount of extra traffic. If this is a problem,
install a caching named on a nearby network. The information is
usually worth having, if you have a number of customers who are
likely to commit an act of abuse. It's much less needed if you
control relaying with the above stuff though. 

-Dom (I don't think I'm making sense today, but I'm sure that there's a
      point at the bottom of all this...)


--
* This is sent by the exim-users mailing list.  To unsubscribe send a
    mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: Reverse dns checking for local machineRe: Reverse dns checking for local machine->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)