Re: [Exim] Fixing the SSL open relay problem

Author: Tabor J. Wells
Date:  
To: Hanasaki JiJi
CC: exim-users
Subject: Re: [Exim] Fixing the SSL open relay problem
On Sun, Oct 14, 2001 at 01:55:27AM -0500,
Hanasaki JiJi <hanasaki@???> is thought to have said:

> The docs seem to state that SMTP over SSL is basically an open relay to
> MTA that talks to my server with SSL. Is this a correct interpretation?
> Is there a fix coming soon?
> Thanks.


Could you please quote the part of the docs that suggests this?

I think this part of section 38.1 in the exim specifications is pretty
clear:

---snip---
You can permit client hosts to relay, provided they are in a TLS session,
by setting tls_host_accept_relay. Note that all the host relay checks are
alternatives. Relaying is permitted if any of the checks is passed, that
is, if

The host matches host_accept_relay, OR
The host is authenticated and matches host_auth_accept_relay OR
The host is using a TLS session and matches tls_host_accept_relay.
Using tls_host_accept_relay probably makes sense only if you are checking
the client's certificate.
---snip---

but perhaps there's an ambiguity somewhere else that needs to be
corrected.

Tabor

-- 
--------------------------------------------------------------------
Tabor J. Wells                                     twells@???
Fsck It!                 Just another victim of the ambient morality
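
Added example, not part of the original message and not Exim's own code: a small Python model of the three alternative relay checks quoted from section 38.1, showing that a TLS session permits relaying only when the host also matches tls_host_accept_relay. The host-list matcher is a simplification (IPv4 addresses, CIDR networks and `*` only), client-certificate checking is not modelled, and the `Client` class, the function names and the sample configurations are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Client:
    ip: str
    authenticated: bool = False   # client passed SMTP AUTH
    tls: bool = False             # client is inside a TLS session

def host_in_list(ip, host_list):
    """Match ip against a colon-separated list of IPv4 addresses, CIDR
    networks or '*'. An unset or empty list matches nothing."""
    addr = ipaddress.ip_address(ip)
    for item in (s.strip() for s in (host_list or "").split(":")):
        if item == "*":
            return True
        if item and addr in ipaddress.ip_network(item, strict=False):
            return True
    return False

def relay_permitted(client, cfg):
    """Return the name of the first relay check that passes, or None.
    The checks are alternatives: passing any one of them is enough."""
    if host_in_list(client.ip, cfg.get("host_accept_relay")):
        return "host_accept_relay"
    if client.authenticated and host_in_list(client.ip, cfg.get("host_auth_accept_relay")):
        return "host_auth_accept_relay"
    if client.tls and host_in_list(client.ip, cfg.get("tls_host_accept_relay")):
        return "tls_host_accept_relay"
    return None

# Constructed sample configurations (documentation address ranges).
BASE = {"host_accept_relay": "127.0.0.1 : 192.0.2.0/24"}        # TLS option unset
WIDE = {**BASE, "tls_host_accept_relay": "*"}                   # any TLS client relays
NARROW = {**BASE, "tls_host_accept_relay": "198.51.100.25"}     # one known TLS peer

if __name__ == "__main__":
    stranger = Client("203.0.113.9", tls=True)   # unknown host speaking TLS
    for name, cfg in (("BASE", BASE), ("WIDE", WIDE), ("NARROW", NARROW)):
        print(name, "->", relay_permitted(stranger, cfg))
```
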