著者: Renaud Allard 日付: To: Mike Cardwell CC: Exim Users List 題目: Re: [exim] How do ISP's restrict access without authentication
Mike Cardwell wrote: > Charlie wrote:
>
>> Thanks everyone for your replies, and sorry for the late reply.
>> So, here is my problem.
>> I need to be able to authenticate traffic that is automatically being routed
>> to my mail server from a hotel's network.
>> I have the hotel's IP address, so I can authenticate based on that. I cannot
>> authenticate based on any sort of username/password, because the SMTP
>> redirection software they use cannot properly adjust these values to match
>> what we need.
>>
>> The problem is that authentication based solely on IP address is not good
>> enough, because within a few days, the mail server is 'discovered' by
>> Chinese spammers. We've also tried the same thing with an entirely different
>> hotel (and the different IP address). This was also discovered as being a
>> mail server that authenticates solely by IP address, and was quickly spammed
>> by the Chinese spammers (using a forged IP address).
>
> For all intents and purposes, you can't "forge" IP addresses in TCP
> connections. Authentication based on IP should be fine. Please show us
> the exact configuration that you've used to restrict relaying by IP.
>
It's maybe that spammers are in the hotel in the form of trojanned
client machines... That would explain it very easily.