Author: Dave C. Date: To: Tom Samplonius CC: AMH, Exim Subject: Re: [Exim] relay question
To be slightly clearer - relaying based on sender EMAIL ADDRESS or HOST
NAME is insecure. Relaying based on known predetermined, sender host
*numeric* IP ADDRESSES is OK.
For 'roaming' users, their IP address will not be predetermined,
therefore there is no way to use that method. SMTP AUTH is the solution
for roaming users. Beware of some access providers that hijack port 25
traffic (see ongoing thread re AOL), so use of an alternate port number
may be necesarry.
On Sun, 21 Apr 2002, Tom Samplonius wrote:
>
> No, you need to use SMTP AUTH to provide secure relaying for arbritrary
> networks. Relay control based on sender address or domain is not secure.
>
> Tom
>
>
> On Sun, 21 Apr 2002, AMH wrote:
>
> > Hi guys,
> >
> > Can I prevent spamers from using my mailserver with this configuration.
> > What I want is that only those users in my MySQL database should be able
> > to use my mailserver for outside relay. I also want my users to use this
> > mail server from remote location. Can someone please have a look at this