Re: For Alan Cox ...

From: Simon Richter (Simon.Richter@phobos.fachschaften.tu-muenchen.de)
Date: Fri May 12 2000 - 08:22:39 EST


On Fri, 12 May 2000, Malcolm Beattie wrote:

> If ORBS finds any one host in Oxford is an open relay then ORBS
> blacklists not only that host (rightly) but *also* its smarthost:
> oxmail.ox.ac.uk.

Which is correct IMHO since this setup allows unauthorized relaying over
that host. You have also named the solution: Block all incoming SMTP
traffic except for some known good hosts. We are using the same setup
here, with good results.

> Immediately, none of the 30000 users in Oxford can email anyone who
> uses ORBS.

Why do you use a smarthost? Outbound SMTP isn't dangerous.

> Given the number of hosts involved with hundreds of mostly autonomous
> departments and colleges, she's going to be spending even more time
> keeping all those registrations up to date and coping with the moans
> of plenty of other people who see firewalling off SMTP and not
> allowing them to run SMTP servers as fascist.

Set up two (or more :-) ) machines as a central relay which accepts mail
for all the subdomains and add them as MX hosts with lower priority than
the real mail host. Any host trying to send you mail will first try the
department server (Connection refused) and then the relay (mail accepted).
The relay then forwards the mail to the department server.

But we're getting way OT here.

   Simon

-- 
PGP public key available from http://phobos.fs.tum.de/pgp/Simon.Richter.asc
 Fingerprint: 10 62 F6 F5 C0 5D 9E D8  47 05 1B 8A 22 E5 4E C1
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!

- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/
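The MX arrangement described in the message above, modelled as an added example (not part of the original post). Hostnames, preference values and the firewall allow-list are constructed assumptions; "lower priority" is expressed as a higher MX preference number, and the relay drops MX records at or above its own preference, as RFC 5321 requires, so it forwards to the department server instead of looping.

```python
# Constructed sample data: hostnames, preference values and the firewall
# allow-list are illustrative assumptions, not taken from the original post.
MX = {"dept.example.edu": [(10, "mail.dept.example.edu"),
                           (20, "relay1.example.edu"),
                           (20, "relay2.example.edu")]}
# Border firewall: only these sources may open TCP/25 to a department server.
SMTP_ALLOWED = {"relay1.example.edu", "relay2.example.edu"}
RELAYS = SMTP_ALLOWED
DEPT_SERVERS = {"mail.dept.example.edu"}


def can_connect(src, dst):
    """Relays accept SMTP from anyone; department servers only from relays."""
    if dst in DEPT_SERVERS:
        return src in SMTP_ALLOWED
    return dst in RELAYS


def candidates(sender, domain):
    """MX targets in the order an RFC 5321 sender tries them."""
    records = sorted(MX[domain])
    mine = [pref for pref, host in records if host == sender]
    if mine:
        # A host that is itself an MX must ignore records with a preference
        # equal to or worse than its own, or the relays would loop.
        records = [(p, h) for p, h in records if p < min(mine)]
    return [h for _, h in records]


def deliver(sender, domain):
    """Return the chain of hosts a message passes through, ending at the department server."""
    path = [sender]
    while path[-1] not in DEPT_SERVERS:
        hop = next((h for h in candidates(path[-1], domain)
                    if can_connect(path[-1], h)), None)
        if hop is None:
            raise RuntimeError(f"{path[-1]} has no reachable MX for {domain}")
        path.append(hop)
    return path


if __name__ == "__main__":
    print(" -> ".join(deliver("mta.outside.example.net", "dept.example.edu")))
```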



This archive was generated by hypermail 2b29 : Mon May 15 2000 - 21:00:20 EST