On Wed, 24 Oct 2001, Timothy K. Cornelius wrote:
> But my point was to see if there was a solution at the firewall level.
> Now I know there are many many intelligent people on this list and I
> wanted an answer on a way to do this.
unfortunately there isn't, that's kind of everyone's point. you can block
access to the testing machines, that's not that hard to do. however, once
you are on their lists it is up to you to prove that you are no longer an
open relay. you'll have to have a working SMTP server on that machine
which doesn't do arbitrary relaying. if you attempt to firewall that
source host, it will say "i cannot confirm it is a closed relay, it will
remain on the open relay list."
as such, take the advice given: fix your smtp server.
____________________________
jose nazario [EMAIL PROTECTED]
PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80
PGP key ID 0xFD37F4E5 (pgp.mit.edu)
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
