----- Original Message -----
From: "Ralf Hauser" <ralfhauser@???>
To: <exim-users@???>
Sent: Saturday, September 20, 2003 12:52 PM
Subject: RE: [Exim] how to accept a recipient address format that normal
smtp servers reject before accepting the body/attachments
> > -----Original Message-----
> > From: Robert Kehl [mailto:mailinglists@robertkehl.de]
> > Ack. But how is to be using your server, assumingly your users?
These
> > users shouldn't be allowed to send their mail with a *very* special
> > local part over any other SMTP?
> need not be a local part, can be the domain.
> > Again, no way. They may use *any* SMTP Relay server - be it an
illegal
> > one or are legal they probably pay for or whatever.
The above stays correct.
> > If you want to construct a secure network with roaming agents
outside in
> > the world, secure their workstations, train your personnel, train
your
> > users, trim their Mail clients. You have to have control over the
> > workstations to be passably sure your mail traffic is never sent
over
> > any unwanted server or unencrypted connection.
> sounds like a very "soft" approach
It is, dear Ralf, it is - let the bees fly, and you'll get honey from
every flower they can reach... it's that easy.
You will be able to tame 2 users, 3 users, 5 users, but let the number
grow to 10, to 20, to 50 users you want to never send any confidential
mail over an unwanted host or unencrypted connection, and you can be
*real* sure you've got a significant amount of people spending a lot of
time trying to bypass your security precautions. They do this:
+ just to see if they are able to do it.
+ just beacuse their neighbour told them "Hey, you must *always* use the
SMTP of your Dial-In-ISP, boy!" in case your exim SMTP server isn't
reachable for a few minutes so they can't send their mail out.
+ just because they read a usenet message dating from 1986 stating
something with "try smtp.example.com and substitue example with your
isp's name".
+ just because they do not understand what you've installed (GPG, TLS,
preconfigured accounts and the like) and therefore simply deleted it.
+ Just beacuse they managed to hack the Admin password on their box
(surely :( having a complete harddisk backup ready at hands), they now
want to BE the admin
+ just because they don't like you
+ just because they are "using" the box they do not own in a way you,
probably the owner or at least the person in charge, would not
recommend.
+ just because they want to have their freemail accounts on their box
wherever they are - together with any of the always very important
private mail, including every Flash animation, every P*werP*int
presentation, every "funny .exe" file. They want to send all these
garbage to their friends. In *this* very case, you must at least be
happy if they bypass your SMTP for this... For sure it would be better
to not have anything of these useless time wasters, but - forget it. You
can't fight fun or what one defines as being fun for oneself.
> > Bad idea! Any Relay server will first accept the message and *later*
> > reject it, leaving traces in its' various log files, I presume.
> if so, I guess my idea won't work ... :(
I guess so, too, sorry.
> > Well... anybody with a local part NOT containing some unwanted
symbols
> > is actually denied.
> isn't it exactly the opposite: "anybody with a local part containing
some
> unwanted symbols is actually denied"?
You're absolutely right, I produced a logical error - my fault.
> > > 4) furthermore, each sender needs to SMTP-AUTH?
> >
> > Well... #4) says every successfully authenticated sender will be
> > ACCEPTed - that's quite a difference from "anyone MUST
authenticate".
> Sure, a different sequence in time, but will the result be different
too?
It depends on the acl sequences that follow your
accept authenticated = *
If the acl were to end here, you'd be right. If not, one can't say what
happens without having a look at the whole configurationm, at least the
acl part of it.
> Conclusion:
> if bogusSmtpHost.MyRealDomain.tld would at least stop users from
> inadvertently send to non-relay smtps, this would still be good
collateral
> to the soft measures you mention?
Hm, again I don't fully get you here. As I understand you,
bogusSmtpHost.MyRealDomain.tld is inside the dmz or otherwise at the
border of the network you control, and reachable from the outside? This
server is to accept messages only from your authenticated users, using
TLS and the like to ensure secured traffic?
No, it wouldn't help at all if you'd forbid your users to relay via your
server, as they are then *forced* to use another one for the rest of
their mail. This way, you ensure you have absolutely no control over
their outgoing email traffic.
In contraray, you'll have to ensure that your users are allowed to relay
via your server. You may then stop some virus infection at the door,
keep an eye on their recipients or whyever you want to control their
traffic and the like. Be sure to know the legal field you're playing
on - it might depend on more factors you've been thinking of now. But
that's outside the focus of this thread, I think.
If you only want to ensure that your server is kept clean from garbage
mail, the above would indeed make sense, but you'll lose control,
anyway.
It's like trying to keep the bees inside while drooling over honey...
With kind regards,
Robert Kehl
