[ On Thursday, August 28, 2003 at 08:41:18 (+0100), Jez Hancock wrote: ]
> Subject: Re: [Exim] exim HELO ack
>
> The only thing to do I suppose if you have OE clients connecting is to
> ensure you allow [0-9a-z] HELO requests
Well yes, of course, if they're connecting from your "local" network
then presumably you trust them and you trust your local reverse DNS
alone to identify them accurately.
> Unfortunately most of my clients are remote and I'm sure you know how
> hard it can be pursuading some people to change mail clients -
> especially when M$ make it so hard to export your mail from their
> proprietary mbx format.
Do you really have that many remote SMTP clients which are not relaying
through their own proper SMTP gateways but instead are delivering direct
to your mailer from their broken little M$ LookOut crapware and similar?
> Could be time to go on a crusade against OE
> though :)
It's long past that time. We should have started eliminating it once
and for all back when SirCam first hit the wires.... They will _never_
get their security model right -- a correct security model violates the
very design principles they've stated publicly and thus they will always
implement insecure software, by design, and by default.
--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>