RE: [Exim] Opinions sought on new ignore_hosts option

Top Page
Delete this message
Reply to this message
Author: Philip Hazel
Date:  
To: Jason Gunthorpe
CC: John Horne, exim-users
Subject: RE: [Exim] Opinions sought on new ignore_hosts option
On Tue, 15 Aug 2000, Jason Gunthorpe wrote:

> Hm.. From a security viewpoint it would be good to say 'drop 172.16.*
> unless the domain being looked up is myprivatelan.com' that way DNS abuse
> cannot be used to send SMTP to arbitary internal machines.


That could be done by expanding the ignore_hosts option. I was wondering
whether to expand it or not; you have now given me a reason to do so.

ignore_hosts = ${if ! eq{$domain}{xxxx}{172.16.0.0/16}}

-- 
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.