-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Alessandro Vesely wrote: | If that behavior is meant on one server, it would be enough to deny | relaying. However, Courier sets RELAYCLIENT by default upon login and it | doesn't seem that the value of that variable can be set in advance to | something special in order to limit an authenticated user.
That's what I was afraid of. | Thus, I'd say you need a global filter. That is fully generic, since you | may code a definition of what local addresses are allowed. When the filter | detects a forbidden destination, it can reject the message after the DATA, | which will result in an error in the user's SMTP client. Yes, I already have a filter that does that. It's not perfect, but is based on the pythonfilter framework. | Obviously, you need a firewall that prevents local users from reaching the | destination host on the internet directly. That's the current status. - -- Arturo "Buanzo" Busleiman The Charlie Protas Project is on its way Independent Security Consultant - SANS - OISSG http://www.buanzo.com.ar/pro/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHqET9AlpOsGhXcE0RCi6YAJ4q2w68SHl3Km3wudnMeoHtstZiRwCfcOhK av3oJ7IyRIlzAiIuUSynGDg= =b0jX -----END PGP SIGNATURE----- ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2008. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ courier-users mailing list [email protected] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
