Thanks for the responses.
Let me make sure I understand.
If newmediaone.net is in rcpthosts, and some spammer send this message via
SMTP:
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
BCC: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: whatever
Will the message be delivered to [EMAIL PROTECTED], but not the other
addresses listed?
Thanks!
Peter Janett
New Media One Web Services
================================
WEB HOSTING FOR WEB DEVELOPERS
================================
-> Sun, IRIX, NT, Linux <-
PHP, MySQL, Perl, Cold Fusion,
MS SQL, ASP, SSI, SSL
http://www.newmediaone.net
[EMAIL PROTECTED]
(303)828-9882
----- Original Message -----
From: David Dyer-Bennet <[EMAIL PROTECTED]>
To: Peter Janett <[EMAIL PROTECTED]>
Cc: Qmail <[EMAIL PROTECTED]>
Sent: Monday, September 04, 2000 5:08 PM
Subject: Re: Shouldn't rcpthosts be empty to ward off spam?
> Peter Janett <[EMAIL PROTECTED]> writes on 4 September 2000 at
15:57:45 -0600
> > I apologize of this is in the docs somewhere, but I didn't see it.
> >
> > If I understand what rcpthosts does, I would think that this file
should be
> > empty. My understanding is that if the "To:" address contains a domain
name
> > listed in rcpthosts, then it will relay that email. So, a spammer can
send
> > a message to mailto:[EMAIL PROTECTED], and to a bunch
of
> > spam victums in the cc and bcc fields.
>
> Don't think "relay". Think "deliver". That's why it's named
> "rcpthosts". That's "receipt hosts". That's "hosts you will
> *receive* mail for". So it should list, like, all the hosts you will
> unrestrictedly receive mail for. Which generally means the ones
> listed in locals plus the ones listed in virtualdomains. You want any
> site in the world to be able to send you mail for those sites.
>
> I *think* the reason so many people get confused about this is because
> of using POP clients, which send their outgoing mail via smtp. That's
> an anomaly and a distortion. Thinking about that as your normal model
> makes all the terminology come out wrong and causes confusion. In the
> *normal* unix world, locally-originated mail is injected into the
> queue via qmail-inject, not delivered via smtp.
>
> (Nothing at all wrong with using pop clients and such, it's just that
> they don't follow the normal mail model, so trying to think about MTAs
> from a pop client perspective seems to cause confusion.)
>
> Now, "relaying" means "accept via SMTP mail that will NOT be delivered
> locally, but will instead be sent on via SMTP".
>
> Because of the need for relaying (if you act as a smart host for
> system hidden behind you, or because of the need to relay for POP
> clients), there are *two* kinds of mail you want to accept via SMTP:
>
> First, mail intended for the local environment. This is determined by
> examing the envelope RCPT field; rcpthosts identifies which mail
> should be accepted for this reason.
>
> Second, mail which you wish to relay to its destination. This mail is
> identified based on where it comes *from* (the IP address of the
> system initiating the SMTP connection), not where it's going *to*.
> This mail is identified by the RELAYCLIENT environment variable set by
> tcpserver, based on the originating IP address, either statically, or
> dynamically using pop-before-smtp. (or is injected locally using
> qmail-inject; mail injected locally will never be bounced based on
> anti-relaying rules).
> --
> Photos: http://dd-b.lighthunters.net/ Minicon:
http://www.mnstf.org/minicon
> Bookworms: http://ouroboros.demesne.com/ SF: http://www.dd-b.net/dd-b
> David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED]
>
>
