Re: again.. how to stop spam relaying?
...
> All of the above looks ok.. BUT my default boilerplate section is
> different..
> ALL of those lines that you have listed below are commented out.
> When would you want to use each alternate case? What does each actually
> do?
Ok, I will try to elaborate. I added more comments there,
and placed a copy below.
> > It must be about a problem in the smtp-policy.src boilerplate then.
> > Here is my standard-issue boilerplate as it is in the source tree:
(well, an extract from it, of course)
#|-----------
#|
#| Default handling boilerplates:
#|
#| "We are not relaying between off-site hosts, except when ..."
#|
#| You MUST uncomment one of these default-defining pairs, or the blocking
#| of relay hijack will not work at all !
#|
#| -- 1st alternate: No MX target usage, no DNS existence verify
#|   Will accept for reception only those domains explicitly listed
#|   in 'smtp-policy.mx' and 'localnames' files.  Will not do
#|   verifications on validity/invalidity of source domains: <foo@bar>
# . relaycustomer - relaytarget -
# [0.0.0.0]/0 relaycustomer - relaytarget -
#| -- 2nd alternate: No MX target usage, DNS existence verify
#|   Like the 1st alternate, except will verify the sender (mail from:<..>)
#|   address for existence of the DNS MX and/or A/AAAA data -- i.e. validity.
# . relaycustomer - relaytarget - senderokwithdns +
# [0.0.0.0]/0 relaycustomer - relaytarget - senderokwithdns +
#| -- 3rd alternate: MX relay trust, DNS existence verify
#| For the people who are in deep s*... That is, those who for some
#| reason have given open permissions for people to use their server
#| as MX backup for their clients, but don't know all domains valid
#| to go thru... Substitutes accurate data to user's whimsical DNS
#| maintenance activities. Vulnerable to inbound resource abuse.
. relaycustomer - acceptifmx - senderokwithdns +
[0.0.0.0]/0 relaycustomer - acceptifmx - senderokwithdns +
#| -- 4th alternate: Sender & recipient DNS existence verify
#| This is more of an example for the symmetry's sake, verifies that
#| the source and destination domains are DNS resolvable, but does not
#| block relaying
# .		senderokwithdns - acceptifdns -
# [0.0.0.0]/0	senderokwithdns - acceptifdns -
#|
#| Also you may add 'test-dns-rbl +' attribute pair to [0.0.0.0]/0
#| to use Paul Vixie's http://maps.vix.com/ MAPS RBL system.
#|
#| These rules mean that locally accepted hostnames MUST be listed in
#| the database with 'relaytarget +' attribute.
#|
#|-----------
/Matti Aarnio <mea@nic.funet.fi>
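To make the difference between the four alternates concrete, here is a small model of the relay decision the boilerplate describes. It is an added example written for this page, not ZMailer's own policy code: the attribute names (relaycustomer, relaytarget, acceptifmx, acceptifdns, senderokwithdns) are taken from the boilerplate above, but the evaluation order, the DNS data, the IP ranges and the domain names are all assumptions constructed so the script runs offline. A real MTA would query DNS instead of consulting the dictionaries at the top.

```python
"""Model of the relay decision behind the smtp-policy boilerplate alternates.

Added example, not ZMailer code.  Attribute names follow the boilerplate;
the decision order and all data below are assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass, field

# Constructed DNS view so the example runs offline (a real MTA queries DNS).
DNS_MX = {
    "example.org":    ["mx.example.org"],    # our own domain
    "backup.example": ["mx.example.org"],    # someone who pointed a backup MX at us
    "remote.test":    ["mail.remote.test"],  # an unrelated off-site domain
}
DNS_A = {"hostonly.test": ["192.0.2.10"]}    # has an A record but no MX
OUR_MX_NAMES = {"mx.example.org"}            # hostnames this server answers as


def dns_exists(domain):
    """'senderokwithdns' / 'acceptifdns': the domain has MX and/or A data."""
    return bool(DNS_MX.get(domain) or DNS_A.get(domain))


def mx_points_to_us(domain):
    """'acceptifmx': some MX host of the recipient domain is one of ours."""
    return any(mx in OUR_MX_NAMES for mx in DNS_MX.get(domain, ()))


@dataclass
class Policy:
    relaycustomers: list = field(default_factory=list)  # nets with 'relaycustomer +'
    relaytargets: set = field(default_factory=set)      # domains with 'relaytarget +'
    acceptifmx: bool = False       # 3rd alternate: accept if recipient MX points at us
    acceptifdns: bool = False      # 4th alternate: accept any resolvable recipient domain
    senderokwithdns: bool = False  # 2nd-4th alternates: MAIL FROM domain must resolve


def decide(policy, client_ip, sender, recipient):
    """Return (accept, reason) for one RCPT TO under the given policy."""
    ip = ipaddress.ip_address(client_ip)
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    rcpt_domain = recipient.rsplit("@", 1)[-1].lower()

    # Listed relay customers (e.g. the local LAN) may send anywhere.
    if any(ip in ipaddress.ip_network(net) for net in policy.relaycustomers):
        return True, "relaycustomer: client may relay anywhere"
    # Sender-side DNS check applies before any recipient acceptance.
    if policy.senderokwithdns and not dns_exists(sender_domain):
        return False, "senderokwithdns: sender domain has no MX/A data"
    # Domains we are the final destination for must carry 'relaytarget +'.
    if rcpt_domain in policy.relaytargets:
        return True, "relaytarget: recipient domain is local"
    # MX backup trust: anyone who points their MX at us gets accepted.
    if policy.acceptifmx and mx_points_to_us(rcpt_domain):
        return True, "acceptifmx: recipient domain's MX points at us"
    # 4th alternate only verifies resolvability; it does not block relaying.
    if policy.acceptifdns and dns_exists(rcpt_domain):
        return True, "acceptifdns: recipient domain resolves (relay not blocked)"
    return False, "relay denied: not a relaycustomer, not a local target"


LAN = ["192.0.2.0/24"]          # assumed local network listed as relaycustomer
LOCAL = {"example.org"}         # assumed 'relaytarget +' entry
ALT1 = Policy(LAN, LOCAL)
ALT3 = Policy(LAN, LOCAL, acceptifmx=True, senderokwithdns=True)
ALT4 = Policy(LAN, LOCAL, acceptifdns=True, senderokwithdns=True)

if __name__ == "__main__":
    offsite = "203.0.113.5"
    for name, pol in (("alt1", ALT1), ("alt3", ALT3), ("alt4", ALT4)):
        for rcpt in ("a@example.org", "b@backup.example", "c@remote.test"):
            ok, why = decide(pol, offsite, "x@remote.test", rcpt)
            print(f"{name} {rcpt:18} {'accept' if ok else 'reject':6} {why}")
```

Running it shows the property the boilerplate warns about: under the 1st alternate an off-site client can only deliver to example.org, under the 3rd alternate it can also deliver to backup.example merely because that domain's MX points at this server, and under the 4th alternate it can deliver to any resolvable domain, i.e. relaying is not blocked at all.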