Szerző: W B Hacker Dátum: Címzett: exim users Tárgy: Re: [exim] Real letters to domain literal?
Lena@??? wrote: >> From: W B Hacker
>
>> postmaster@, hostmaster@, abuse@ where '@' may be followed with either:
>>
>> - one of the hosted <domain>.<tld>
>> or
>> - one of the server's IP's as a literal
>
> Has somebody here ever got a non-spam letter with useful content to
> postmaster@[XXX.XXX.XXX.XXX] or abuse@[XXX.XXX.XXX.XXX] ?
>
Actually, yes. Usually one of my 'other' (non-MTA) boxen complaining
about one thing or another.
It goes back to another issue. Two, really.
First:
- whether or not to 'allow' domain literals at all.
-- The RFC's have always said we should do. There was (at one time),
some risk of server compromise. No longer a worry with Exim's other
tools, but many folks still do NOT allow them.
There are RFC's that need 'bending' to stay above water, and others that
do not. This is one where compliance is easier than not. But one DOES
need soem appropriate acl's.
Second:
- what of the production or application box that is NOT a public-facing
device at all, let alone an MTA, yet still needs to send *at least*
daily, weekly, monthly reports to an admin? AND report retry or other
failure.
Think backup-storage servers, firewalls, office copiers calling for
toner, soft-drink machines reporting empty, etc.
Such boxes do not necessarily need an assigned <domain>.<tld>
One might add these to, for example, approved relays by IP alone.
One might otherwise allow domain literals ONLY from postmaster & friends
AND ALSO check for forgeries.
In either case, preventing abuse is handled by decent acl rules.