On Mon, 3 May 1999 09:52:21 +0200 (METDST), you wrote:
>I need to check the HELO-string as additional proof. There is one host
>that has to relay mail over my host since their ISPs SMTP-Server is _way_
>too slow. Since this host has a dynamic IP and a fqdn from its ISP,
>checking the net (IP) would not help at all - there would still all
>customers of that ISP be able to relay mail through my computer.
>
>Checking the HELO string (and the host name) wouldn't necessarily block a
>spammer from pretending to be an allowed host, but it would minimize the
>risk. At least I think so :|
This is inherently insecure. I'd suggest adding some extra level of
security like requiring the client to establish an ssh connection to
your exim host and then allowing that host from where the ssh
connection is originating to use your exim as mail relay. OTOH, you
could use an ssh port forward for port 25 without having to change
your exim config in that case.
You definetely need some more authentication than HELO.
Greetings
Marc
--
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Karlsruhe, Germany | Beginning of Wisdom " | Fon: *49 721 966 32 15
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fax: *49 721 966 31 29
--
*** Exim information can be found at
http://www.exim.org/ ***