Markus, the crux of the issue for you is whether or not you allow relaying for your client servers. If you do, then the percent hack is a legitimate method for their server to request the relay from your server.
The IMail security regarding the percent hack is not to *prevent* the percent hack, it is to *notice* that a relay is being requested; IMail would then check its relay restrictions for the server or user that sent the message. I have seen zero spammers use the percent hack in the last 3 years; I suspect that SMTP software has gotten good enough and is secure by default, so the spammers moved to other techniques to take advantage of open relays. Here is my Declude JunkMail configuration regarding the percent test: #Dec-03-2002 AC This is an ancient convention for relaying; from what we've # seen, only legitimate Lotus users now use it to get out # of their own network! PERCENT percent x x 2 0 PERCENT WARN Andrew 8) MG> If I understand right a problem can ocur if one of our clients MG> mailservers (most of them exchange servers) become a open relay because MG> the admin has changed something. If this server has set our Imail-Server MG> as smarthost and uses SMTP-Auth to deliver the messages a "percent hack" MG> can use our server to relay. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
