* Wakko Warner schrieb am 21.09.04 um 02:51 Uhr:
> > Thanks for your prompt reply. Will it work, even though the config uses the
> > following setting as well:
> >
> > host_auth_accept_relay = *
> >
> > Do I have to comment this line out? Or will the wildcard only apply to the hosts
> > that I have explicitly permitted?
>
> Are you using exim 3.x? exim 4 does not have this option.
>
> But to answer your question, that will accept relaying via auth for
> EVERYONE, not just your local users.
>
> If I ran an ISPs mail server, I would:
> 1) disallow connections to port 25 from my customers
> 2) have my customers use port 587 (MSA), require authentication, and only
> allow the sender to be the authenticated sender (to prevent spoofing.
> NULL senders would be ok)
> 3) port 25 would never relay under any circumstances (that is excluding
> domains that I mx for)
> 4) deny access to port 25 to the internet from my customers. I would allow
> this for dedicated (static IP) users so they could host their own server.
> however, they would be responcible for security of their system (IE no
> open relay)
>
> Ok, you may ask why I'd do #1. Simple, It would stop virus email from ever
> being sent out from a customer. The exception is the virus that uses the
> user's MUA. If the user does not store their password, no problem. #4
> would prevent an emailing virus from spreading (given what I stated before)
And what about viruses having their own SMTP engine?
-Marc
--
BUGS My programs never have bugs. They just develop random
features. If you discover such a feature and you want it to
be removed: please send an email to bug at links2linux.de