At 11:38 PM -0500 11/28/01, [EMAIL PROTECTED] imposed structure on a stream of electrons, yielding:
>So is there some easy setting I can make in SIMs that stops anyone sending >mail through my SIMS - whether they're an account holder or not, and so >therefore be sure to make sure that noone uses my server for SPAM. > >Currently I've got it set on the default settings in SMTP of Relay for >Clients Only and Verify Return Paths both checked. As long as the client list is empty, this gets you 99% of your goal. If you are running 1.8B8 or one of the later dev versions (you should be, if spam relay control is a concern) make sure to uncheck the advertising of AUTH capability and set the time limit on treating authenticated IP's as clients to 'Never' >Is it as easy as setting "Sending Options" to 0 TCP Channels to prevent any >mail, from authorised users or not from leaving my server? I would expect that to work to prevent all actual relay, and it's definitely a good idea, but i wouldn't make it the only protection. If somehow the machine still accepts mail to be relayed you could end up DoS'ing yourself by building a giant outbound queue of messages that are never delivered. Another thing to do with the same effect would be to have all mail delivered via a foreign server and provide a definitively bogus name for the foreign server. >Secondly, and possibly somewhat contradictorily to the above perhaps > >Is there some "brotherhood' of SIMS users to tap into (I know I've just sent >them all an eMail <g>) in order to arrange for someone to provide secondary >service to our domain? This sits on a Mac in my basement at home beside a WWW >server that also provide HTML and database hosting for two non profit >societies. You may want to think carefully about what having a secondary MX buys you and what it costs. What you gain is a single machine that will accumulate mail from anywhere when your primary is down. This is good in that it limits the range of answers to the question "what happened to the mail that didn't get here during the outage???" It is bad in that you lose some types of spam control over mail routed through that machine. If you do any IP source filtering via the blacklist or RBL-type lists, you give that up for mail coming by way of the secondary, unless they use the same blacklist. You also subject yourself to the spam control policies in place on the secondary. In addition, that single point of concentration for mail during your outage is also a single point of failure: if it dies a horrible death while your ability to receive mail is impaired, it will take your mail with it. Having a secondary mail exchanger, especially one outside of your control, is NOT something that suits all domains. >I'd be happy to reciprocate as a secondary for some other small entity, >having consideration of what I mention above regarding sending, or after >recieving some pointers to make sure that my setup can send to another >primary, but can do so securely in a manner that can't be abused by Spammers, >and sometimes the power goes off longer than the backup UPS can provide for >if I'm not here to get my generator going. If you are going to act as a secondary, you need to relay selectively. Whacking the entire SMTP sending ability would be a bad thing then. -- Bill Cole [EMAIL PROTECTED] ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
