At 16:10 -0400 2003/09/17, Oren Levi wrote:
>Nope those changes made the server open to relay from anyone.
>
>Authentication wasn't checked. as well.
what changes? I would exclude that the standard configuration file
makes the server an open relay!
>
>I'm puzzled how does the ACL distinguish between a relay and a local
>delivery from outside ?
a local delivery is characterised by this condition (from the outside
or the inside is irrelevant):
domains = +local_domains
a relay can be of two types:
a relay to a domain (as a recipient domain) for which we relay, the
typical statement is:
accept domains = +relay_to_domains
endpass
message = unrouteable address
verify = recipient
or a relay to any domain but from authorised sources. A source can be
authorise either because its IP address belongs to a given list:
accept hosts = +relay_from_hosts
or because the source used SMTP AUTH:
accept authenticated = *
Still keep in mind what I said in my prev email, and read the spec.txt.
Giuliano
