Sunil Dhaka rearranged electrons thusly:
> There is still a workaround. One can specify the smtp server of vsnl while
> connected to vsnl
> and send mail from any mail address ( ie mail from: [EMAIL PROTECTED])
that is NOT a workaround or bug. It is a feature - and any sensible ISP must
allow this - as long as the guy is dialing in from an ISP or otherwise
authenticating himself, matching the sender envelope is a total waste of time.
> whereas some of the other ISPs have a better security implementation
> wherein
> while connected to that ISP you have to specify the smtp server of that ISP
> and the (mail from: ) should be from [EMAIL PROTECTED]
how so? better security indeed - that is just a needless (and stupid)
restriction. Unless, of course, it is a free ISP with a proprietary mail
client / ad bar (like Juno / Netzero in the states, caltiger here).
Or, in another case, if it is a corporate network and you want to cut down on
personal mails (GE for example filters / blocks access to most free webmail and
other services so you cant use them to send out mail).
> A combination of sendmail configuration, hosts.deny and hosts.allow will
> implement the required security policy for your organisation.
This is security by obscurity more or less. Some ISPs take the easy way out to
block relaying by allowing anybody with a valid sender envelope in their domain
to relay through their servers. Totally dumb idea - as spammers can trivially
forge teh sender envelope
As long as you relay only for your dialup pool, or for your properly
authenticated users, there is NO need to restrict relay based on sender
envelopes.
--
Suresh Ramasubramanian + mallet<@>efn.org
You spamma my mailbox, I nukea da ass
----------------------------------------------
LIH is all for free speech. But it was created
for a purpose. Violations of the rules of
this list will result in stern action.
