On Tue, 27 Oct 2009, Charlie wrote:
> I was wondering how exactly ISP's - that don't require authentication -
> manage to restrict access to their customers only.
> I know that Exim can restrict access by IP address, but IP addresses can be
> spoofed (and very often are spoofed by automated scanners which search for
> SMTP servers that are open in this way).
This is pure nonsense. IP addresses in TCP connections are very difficult
(basically impossible) to spoof without access to the physical wire (or
link layer) that the user is on, or without them finding out.
This in itself destroys the rest of the argument, but if you want extra
security, configure your border firewall to block incoming packets from
the outside world that claim to be coming from IP addresses that you know
are internal to your network.
Cheers, Chris.
--
_ ___ __ _
/ __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |