On Thu, 17 May 2001, Todd Finney wrote:

> At 08:55 PM 5/17/01, Roger Walker wrote:
> >tcpserver:
> >
> >127.0.0.1:allow,RELAYCLIENT=""
> >206.75.255.:allow,RELAYCLIENT=""
> >10.:allow,RELAYCLIENT=""
> >:allow
> >
> >         The first line is for localhost, the second for my class 'C',
> >the third for private network stuff behind a firewall and through a VPN.
> >I presume the last is to allow anyone to connect to allow them to send
> >to my hosted domains.
>
> Doesn't that last allow line cause an open relay?

        It shouldn't. As I indicated, I tested for relay - I telnetted to
port 25 from a 24. address, and if the "rcpt to:" address was not one of
the domains in control/rcpthosts, then it was rejected.

        The last statement should merely allow anyone to connect - this is
a mail server, after all, and it wouldn't accomplish much if I put a
":deny" in there and disallowed any connection.

        It's the "RELAYCLIENT" entry on each of the first three lines that
allows specific hosts to be able to relay to other than what's in the
control/rcpthosts file - to override it.

        Feel free to try it - <206.75.255.50>. If you find a way to relay,
please let us know what you did.

        Maybe I'll set up an experiment where I replace the ":allow" with
a ":deny" and see if a remote host can still send me mail (but I doubt it
would be able to).

-- 
Roger Walker                         <http://www.rat-hole.com>
Voice/Fax 1-780-440-2685             <http://www.man-from-linux.com>
"HIS Pain; YOUR Gain"                <http://www.rope.net>
<http://www.rope.net/signature.html>
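
An added example, not part of the message above and not qmail or ucspi-tcp code: a simplified Python model of the two checks the thread discusses, tcpserver's rule lookup by client IP and qmail-smtpd's RCPT check against control/rcpthosts. The rcpthosts entries and the function names are constructed for illustration, and only IP-based rules are modelled.

```python
# Simplified model (added example, not qmail or ucspi-tcp code): tcpserver's
# rule lookup by client IP, then qmail-smtpd's RCPT check. IP rules only.
RULES_TEXT = '''127.0.0.1:allow,RELAYCLIENT=""
206.75.255.:allow,RELAYCLIENT=""
10.:allow,RELAYCLIENT=""
:allow
'''
# Constructed sample; the thread does not show the real control/rcpthosts.
RCPTHOSTS = {"example.org", ".example.net"}

def parse_rules(text):
    """Map address pattern -> (action, names of env vars the rule sets)."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr, _, instr = line.partition(":")
        action, *assigns = instr.split(",")
        rules[addr] = (action, {a.split("=", 1)[0] for a in assigns})
    return rules

def lookup(rules, ip):
    """Try the full IP, then shorter dotted prefixes, then the empty pattern."""
    parts = ip.split(".")
    candidates = [ip] + [".".join(parts[:n]) + "." for n in (3, 2, 1)] + [""]
    for pattern in candidates:
        if pattern in rules:
            return rules[pattern]
    return ("allow", set())  # no matching rule: tcpserver accepts

def rcpt_allowed(rcpt, hosts):
    """True if the domain is listed exactly or covered by a '.suffix' entry."""
    if "@" not in rcpt:
        return True  # qmail-smtpd accepts a bare local part
    labels = rcpt.rpartition("@")[2].lower().split(".")
    names = [".".join(labels)]
    names += ["." + ".".join(labels[i:]) for i in range(1, len(labels))]
    return any(n in hosts for n in names)

def smtp_decision(rules, ip, rcpt, hosts=RCPTHOSTS):
    action, env = lookup(rules, ip)
    if action == "deny":
        return "connection refused"
    # RELAYCLIENT set for this client: rcpthosts is not consulted at all.
    if "RELAYCLIENT" in env or rcpt_allowed(rcpt, hosts):
        return "accepted"
    return "rejected"
```

Swapping the final ":allow" for ":deny" in RULES_TEXT makes the model refuse every client outside the three listed ranges before any RCPT check happens.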
