* Philip Hazel <ph10@???> [20010904 11:41]: writing on the subject 'Re: [Exim] ETRN again...' | On Mon, 3 Sep 2001, Odhiambo Washington wrote:
|
| > | issues an etrn to that domain; this invokes exim -Rf (anything else
| > | to try to achieve this functionality?); and this forces
| > | the delivery.
| >
| >
| > This really sounds bad, since anyone can telnet to the smtp port and do
| > it.
|
| No. Only hosts that match smtp_etrn_hosts can issue ETRN.
Thank you. I verified it by asking a friend whose IP is outside my
smtp_etrn_hosts and this is what I got in the log file, for the benefit of
others:
2001-09-04 13:36:49 Rejected ETRN HOTGOSSIP.CO.KE from [212.22.161.122]
Something OT from this:
I am using SMTP AUTH now. When C034 was written, the writer suggested that
one patches Exim code so that MUAs like Netscape don't start prompting the
user for asmtp passwd. In my case (Exim-3.33) I did not patch and this is
happening. When C034 was written it was way back.
So, what is (or was) Mr. Hazel's opinion on that idea of patching, if any?
Imagine if every Thursday your shoes exploded if you tied them the usual way.
This happens to us all the time with computers, and nobody thinks of
complaining.
-Jeff Raskin
