[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: SMTP policy doesn't work or ...



> >>>>> "mea" == mea  <mea@nic.funet.fi> writes:
> mea>    Yesterday afternoon I completed one round on smtp-policy
> mea> REFERENCE text updates of the manual.  Pull the LaTeX generated
> mea> gziped postscript from:
> mea> ftp://mea.tmt.tele.fi/zmailer/zmanual-1.99.12.ps.gz
> 
> mea>    You will be interested in sections 3.4 and 4.1.
> 
> mea>    And of course, I would like to hear feedback on the document.
> mea> About the general layout, items missing, things covered
> mea> partially, ...  Anything at all.
> 
> 	Matti, your manual says nothing about keyword `sendernorelay'. 
> What does it exactly mean?

Oops, missed that one while writing them.

Now browsing the code I would say -- it does not make sense at all.
It behaves sort of "if this attribute is present at MAIL FROM domain,
then RCPT TO addresses shall be given 'acceptifmx' treatment."

Ah well, define new alias tag into  smtp-policy.src:

  _localnames	rejectnet - relaycustnet - localdomain + relaytarget +

and modify  policy-builder.sh  to produce  "_localnames" for each line
from  "localnames"  source file.

Then regenerate your policy dataset, and nobody goes thru just by defining
your local domain as the source domain in MAIL FROM.

> 	It is not clean for me how can I prevent my users from using us
> as outbound relay when they are outside of our local network. This
> problem is more general: for anyone who types the name of a nonexistant
> user (`mail from: <any_non_existant_user_name@our.domain>') all gates
> are opened and he (she) may do any bad things. How is it possible to
> prevent?
> 
> /Oleg

/Matti Aarnio <mea@nic.funet.fi>