Jan Pieter Cornet wrote:
On Tue, Jan 10, 2006 at 07:11:35PM -0700, Philip Prindeville wrote:
This seems like pretty weak security to me. Is there a valid reason for
having sites answer to an EXPN or VRFY?
Agreed that it's weak security: some legacy management software requires it.
But... that doesn't change the fact that having individual knobs and controls
provides finer tuning... And it might be nice to block the connection before
we've exposed too much information.
Can't you use an IP-based access control? That can be done in stock
sendmail via the access.db
Due to the way that addresses are treated as strings, representing address blocks
that aren't aligned on 8-bit boundaries is a pain... And you can't do programmatic
checks like you can in Perl.
If that's not possible, due to roaming or dynamic users, I'd switch
to SSL, and SMTP AUTH.
Well, from a purely architectural point of view... a symmetrical
design would provide a control hook at each transition point in the
state machine...
Last I heard, there was a bug in sendmail that makes it ignore the
error code from a milter after the xxfi_helo call... but that might
be fixed nowadays.
Nowadays start with which version? 8.13.1? Or more recent?
BTW: Anyone have a .spec file for FC3 that works with 8.13.5?
And can mimedefang be run and used without spamassassin?
-Philip
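
The string-key limitation discussed in the message above, as an added example that is not part of the original post: it expands a CIDR block into the dotted-prefix keys an access map needs and compares that with a single bitwise check. The function names and the sample blocks (documentation address ranges) are constructed for illustration, and `string_lookup` is a simplified model of the lookup, not sendmail's code.

```python
import ipaddress

def access_keys(cidr):
    """Dotted string prefixes that together cover exactly the IPv4 block `cidr`."""
    net = ipaddress.IPv4Network(cidr, strict=True)   # ValueError if host bits are set
    if net.prefixlen == 0:
        raise ValueError("0.0.0.0/0 has no dotted-prefix form")
    octets = (net.prefixlen + 7) // 8                # round up to an octet boundary
    step = 1 << (32 - 8 * octets)                    # addresses covered by one key
    first = int(net.network_address)
    keys = []
    for base in range(first, first + net.num_addresses, step):
        parts = str(ipaddress.IPv4Address(base)).split(".")
        keys.append(".".join(parts[:octets]))
    return keys

def access_lines(cidr, rhs="RELAY"):
    """Source lines for the access map, using the Connect: tag."""
    return [f"Connect:{key}\t{rhs}" for key in access_keys(cidr)]

def string_lookup(ip, keys):
    """Simplified model of the map lookup: full address, then drop trailing octets."""
    parts = ip.split(".")
    known = set(keys)
    return any(".".join(parts[:n]) in known for n in range(4, 0, -1))

def bitwise_check(ip, cidr):
    """The programmatic equivalent: one mask comparison, any prefix length."""
    return ipaddress.IPv4Address(ip) in ipaddress.IPv4Network(cidr)

if __name__ == "__main__":
    # Constructed sample blocks: octet-aligned, /22, and /27.
    for block in ("192.0.2.0/24", "198.51.100.0/22", "203.0.113.32/27"):
        print(block, "->", len(access_keys(block)), "entries")
    print("\n".join(access_lines("198.51.100.0/22")))
```

A /24 needs one key, a /22 needs four, and a /27 needs thirty-two host entries, which is the maintenance cost the message describes.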