+++ CarolO@??? [exim-users] <04/03/02 16:17 +0100>:
> The goal is to find a mechanism to block open relay servers from customers.
> I see via inbound mail which domains are delivered on a certain ip address.
> For example foo.com is delivered on ip address 192.168.1.2. So my simple
Two far better ways to accomplish this.
Carry out regular scans on your customers (for port 25, and also other
rubbish like open SOCKS / HTTP-CONNECT proxies, security holes etc ... all of
which make you liable to be relayed through)
Block port 25 outbound on all customer machines initially - forcing them to
smarthost through a (heavily filtered) smart host mailserver ... run DCC
(
http://www.rhyolite.com/dcc/ or something on this)
If a client shows he / she can be trusted to run a mailserver (aka he knows
to run unix, or maybe MacOS, and secure his install ...) then relax port 25
outbound blocking requirements for the client.
--srs
