> Steve Lamb <morpheus@???> probably said:
> > On Thu, 29 Apr 1999 20:42:38 -0400, Jim Knoble wrote:
> > >There's actually a possibility of usefulness for internal networks that
> > >have no or limited access to external DNS (and possibly other
>
> The only "abuse" you open yourself to is someone using you as a backup
> MX. It doesn't open you to random relaying, only _to_ a domain that
> someone controls the DNS for.
>
> In some cases its far easier to allow this and stomp on people you
> don't want to be doing it (from logs) than trying to work out every
> legitimate domain, and since they are putting their mail through your
> server you have a fair bit of clout here ("/dev/null sounds like a
> good destination to me ...")
>
> > >services). No compelling reason to remove it.
> > But a compelling reason to modify it, which was my point. ;)
>
> Modify it how ?
>
> How could you reasonably make a decision about if someone is a valid
> user of your relay without listing them all ? If you're listing them
> all, use the other options, if you _can't_ list them all for one
> reason or another or you're in a limitet situation (as mentioned), the
> option is very useful.
I agree. It is very useful.
My goal is to make our mail servers require as little maintenance as
possible. I configure it to believe (for the most part) DNS. This
means that regardless of local configuration we always forward elsewhere
if a domains MX record doesn't point at us.
Similarily we believe the MX (up to a point) if it does point at us.
We will accept a message if it is for a domain that has an MX pointing
at us. However to reduce the potential for abuse I plan on adding
a condition test that will use an LDAP query to verify that we some
relationship with the owners of the domain. If not I'll simply drop.
This moves the management of the information from the mail server into
the directory, where (hopefully) it is a) easier to do and b) available
to all mail servers (and other software).
--
*** Exim information can be found at
http://www.exim.org/ ***