On Fri, Aug 23, 2002 at 01:35:30PM +0200, zabbe wrote:
> Thanks for helping me out.
> I thing this should be a default in the CFG that you need to set this. Is
> a bit of a security risk not to use it.
Oh, absolutely, users with legitimate email addresses elsewhere shouldn't
be relaying their messages through your server because they have an email
account with you. They should use each server individually, and only send
from the place where they are going to receive that email.
> Since users can fake email otherwise with other servers domain names.
Yeah, absolutely, it would be terrible for someone to send mail as if
from their primary address @reboot.nu from another system, after all,
they haven't touched your mailserver, just so that if any bounce comes,
it comes into their primary inbox. It's too high a price to pay, I
reckon. Yeah, users can only fake the addresses if you don't configure
your servers to make sure that any emails sent from it are also destined
to it.
MBM (just in case you're not aware of sarcasm, I don't think this, I'm
pointing out that it's an exceedingly bad idea to do this, and by
doing it, you're missing the point somewhat.)
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/