On Wed, 22 Dec 1999, Dustin Miller wrote:
> Although that does bring up an interesting security question.  A spammer
> could, potentially, launch a denial of service attack against a qmail server
> by sending spams, couldn't they? 

They can do that anyhow by sending to mailer-daemon, root, or another
system account.

> If qmail takes the time to queue them,
> that's a Bad Thing(tm), in my opinion.  Would it be violating any kind of
> RFC if we re-coded qmail to reject those relay messages the moment someone
> who doesn't have ALLOWRELAY set for their mask attempts to send a message to
> a non-local user?  Just a thought.

The problem is that the double @ addressing (user@target@[qmailhostip]) IS
a local address as far as qmail is concerned.  So it's not, as far as
qmail is concerned, a relay attempt, but a regular delivery attempt to a
client it handles.  Then when it tries to deliver it locally, and it turns
out there is no user@target on the local machine, it bounces the letter.

Qmail does immediately reject relay attempts to domains it is not
configured to handle.

      -M

Michael Brian Scher (MS683/MS3213)  Anthropologist, Attorney, Policy Analyst
            Mainlining Internet Connectivity for Fun and Profit
   [EMAIL PROTECTED]     [EMAIL PROTECTED]     [EMAIL PROTECTED]
     Give me a compiler and a box to run it, and I can move the mail.
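
An added sketch, not part of the original message and not qmail code: a simplified Python model of the behaviour described above, where only the domain after the last @ is compared at SMTP time, so a double-@ recipient is accepted, queued and then bounced. The host list, user list, IP literal, function names and the stricter variant are assumptions made for illustration.

```python
# Simplified model of the recipient handling described in the message above.
# Everything here is constructed for illustration; it is not qmail source.
RCPTHOSTS = {"example.org", "[192.0.2.10]"}  # assumed: domains this host accepts mail for
LOCAL_USERS = {"alice", "postmaster"}        # assumed: mailboxes that exist locally


def split_last_at(rcpt):
    """Split at the LAST '@'; everything before it is the local part."""
    local, sep, domain = rcpt.rpartition("@")
    if not sep:
        return rcpt, ""
    return local, domain.lower()


def smtp_accepts(rcpt, relay_client=False):
    """SMTP-time decision: only the domain after the last '@' is compared."""
    _, domain = split_last_at(rcpt)
    return relay_client or domain in RCPTHOSTS


def smtp_accepts_strict(rcpt, relay_client=False):
    """Hypothetical stricter check: refuse a local part that itself contains '@'."""
    local, _ = split_last_at(rcpt)
    if not relay_client and "@" in local:
        return False
    return smtp_accepts(rcpt, relay_client)


def classify(rcpt, accept=smtp_accepts):
    """What happens to a message for rcpt sent by a client without relay rights."""
    if not accept(rcpt):
        return "rejected at SMTP"
    local, _ = split_last_at(rcpt)
    return "delivered" if local in LOCAL_USERS else "queued, then bounced"


if __name__ == "__main__":
    samples = [  # constructed recipients
        "alice@example.org",
        "user@target.example",
        "user@target.example@[192.0.2.10]",
    ]
    for rcpt in samples:
        print(f"{rcpt:40} default={classify(rcpt)!r} "
              f"strict={classify(rcpt, smtp_accepts_strict)!r}")
```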
