[ On Monday, December 8, 2003 at 11:05:04 (+0000), Philip Hazel wrote: ]
> Subject: Re: [Exim] Domain literals: weighing up the arguments
>
> On Sun, 7 Dec 2003, Tim Jackson wrote:
>
> > a) they should not be overly put off by the scary warnings in the Exim
> > config: enabling domain literals won't in itself enable abuse of your
> > server.
>
> I will review the scary warnings next time.
Please do.
A great deal of the resistance I encounter to supporting IP address
literals in e-mail comes from people totally ignorant of the facts and
who are basing their decisions entirely on totaly unjustifiable
F.U.D. spread by warnings such as those.
Sure, once upon a time some MTAs suffered from bugs that would allow
remote relay controls to be bypassed by use of domain literals. However
I haven't even heard of any such bugs in quite some time, not even in
rare commercial software (e.g. even FirstClass fixed their related bugs
some time ago, IIUC, though in a most bizarre manner :-).
If supporting/allowing domain literals makes an MTA insecure, then
that's a serious problem in the MTA, not in the concept of supporting
domain literals.
--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>
