On Sun, 15 Feb 2004, Kai wrote:

> You can almost guess what other test would show smashing results,
> but for that, SA has to learn what the local interface IP number(s)
> is(are), and I don't think there is any code to do that right now.

I do that kind of test in MimeDefang on my mail servers: whether you use a properly formatted dotted-quad or not, or a hostname, if you connect to my mail server from outside my network, and HELO as any one of my mail servers, you'll get dropped.

I can accept that the HELO argument will not necessarily match the hostname or IP address that my mail server sees, but I know where my own mail servers are, and how they connect to each other, and no other host has any "right" to claim to be one of my mail servers. No reported false positives (and I can't think of any situation that would result in a false positive).

Some folks have expressed concern about roaming clients in this case, and though there's some validity to the concern (a host with an external IP address might claim to be a host in my domain), if properly configured, no such system would HELO as one of my mail servers anyway.

I'll share, if people want, but it is off-topic for this list, and frankly very dependent on per-site configuration.

--
----------------------------------------------------------------------
Sylvain Robitaille                              [EMAIL PROTECTED]
Systems analyst / Postmaster                 Concordia University
Instructional & Information Technology    Montreal, Quebec, Canada
----------------------------------------------------------------------
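
The check described in the message above, sketched as an added example; it is not part of the original message and is not the poster's MIMEDefang filter. The networks, hostnames, addresses and the `REJECT`/`CONTINUE` return labels are constructed assumptions, using documentation address ranges.

```python
import ipaddress

# Constructed per-site data (assumptions): internal networks and the
# names and addresses of the site's own mail servers.
OWN_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]
OWN_MAIL_HOSTS = {"mx1.example.edu", "mx2.example.edu"}
OWN_MAIL_IPS = {ipaddress.ip_address("192.0.2.10"),
                ipaddress.ip_address("192.0.2.11")}


def helo_as_ip(helo):
    """Return the IP named by a HELO argument, or None if it is a hostname.

    Accepts a bare dotted quad, an address literal such as [192.0.2.10],
    and the [IPv6:...] literal form.
    """
    text = helo.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
        if text.lower().startswith("ipv6:"):
            text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def claims_own_server(helo):
    """True if the HELO argument names one of our mail servers."""
    ip = helo_as_ip(helo)
    if ip is not None:
        return ip in OWN_MAIL_IPS
    # Hostnames compare case-insensitively, ignoring a trailing dot.
    return helo.strip().rstrip(".").lower() in OWN_MAIL_HOSTS


def check_helo(client_ip, helo):
    """Return 'REJECT' when an outside client HELOs as one of our servers."""
    client = ipaddress.ip_address(client_ip)
    inside = any(client in net for net in OWN_NETWORKS)
    if not inside and claims_own_server(helo):
        return "REJECT"
    return "CONTINUE"
```

A roaming client that HELOs with some other name in the site's domain is not matched, because only the mail servers' own names and addresses are listed.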
