Best Way to Control Relaying?
Alex Neuman van der Hans
alex at nkpanama.com
Fri May 12 19:19:33 IST 2006
Kai Schaetzl wrote:
> Muhammad Nauman wrote on Fri, 12 May 2006 09:22:48 +0500:
>
>
>> I already have restricted IP'ies in my /etc/mail/access but they also count
>> up2 about 6000 ip'z
>>
>
> If you only restrict access this way you *are* an open relay. Only using SMTP
> AUTH will stop abuse. This may help you:
> http://spam.abuse.net/adminhelp/
>
What Kai means, more accurately, is that, to _your customers_, you _are_
an open relay. This also means that to _viruses_ and _spyware_ running
on your customers' machines, you _are_ an open relay.
For all intents and purposes... Understand this, this is the important
part... You *cannot* allow yourself to be an open relay, to *anyone*,
under *any* circumstances. People must be made responsible for their
actions, and that's where my second point comes in.
When you change REC_AUTH to REC_FULL_AUTH, what you're doing is asking
sendmail to add "authenticated user mnauman" instead of "authenticated
user" to your headers. That way you can know, immediately, who sent the
e-mail - as opposed to just knowing it was authenticated and having to
fish through the logs for the specific msg id.
More information about the MailScanner
mailing list