On Fri, 28 Jun 2002 16:40:44 +0100 Alistair Knight <alistair@???> wrote:
> So what's the best way of controlling relaying, my users can log on from
> anywhere, so host_accept_relay is out....
if possible, set up the submit port (587) and have your users submit
through it, using SMTP AUTH. leave traditional port 25 completely locked
down.
second best is to set up SMTP AUTH on port 25, and only permit relay for
those who successfully authorize with it.
if your user base has any sophistication, then another alternative is to
install ssh on their remote systems and tunnel the SMTP connections so they
come from localhost on the mail transport system.
richard
--
Richard Welty
rwelty@??? Averill Park Networking
rwelty@??? Unix, Linux, IP Network Engineering, Security
rwelty@??? 518-573-7592