[exim] Re: bounce messages and their potential misuse

Top Page
Delete this message
Reply to this message
Author: Adam Funk
Date:  
To: exim-users
Subject: [exim] Re: bounce messages and their potential misuse
On 2006-03-31, Peter Bowyer <peter@???> wrote:

>> To do that I'd have to configure my home Exim to route mail
>> differently according to the From-address,
>
> Trivial in Exim - very many 'home users' of Exim do this.


I know, but it was the next part that bugged me.

>> and I'd have to store my
>> shell password unencrypted in exim.conf!
>
> That's one way, but several dozen others don't require that. Better
> read the section on authenticators in the docs.


I'll do that. Do you mean that even if the "HOWTO" provided by the
mail administrator or mailhop.org says to put

login:
    driver = plaintext
    public_name = LOGIN
    client_send = ": userid : password"


in exim.conf, the same result (from that server's point of view) can
be achieved more securely (from mine)?

>> > This does of course also mean that you can't register a domain name via a
>> > 3rd-party registrar and send mail from that domain via your ISP's mail
>> > servers (since your ISP has no idea that you own that domain).
>>
>> Isn't this one of the main reasons why a lot people say SPF stinks?
>
> SPF has disadvantages, but the fact that it encourages good practice
> by mail forwarders and relays isn't one of them.


Sorry, but I don't see forcing the same person using the same computer
to send messages through different routes as good practice.