Re: Postfix in unstable made my system an open spam relay
Richard Atterer <firstname.lastname@example.org> writes:
> On Sat, Oct 13, 2001 at 05:44:33PM +0200, Stefan Hornburg (Racke) wrote:
> > But allowing relay from 192.168.0.0/16 is OK ? I'm the maintainer of
> > the Courier mail server, where this is the default.
> "It depends."
> Imagine a larger company with several departments, each using a
> different 192.168.x.0 class C subnet. It is common to separate
> departments from one another to protect against internal attackers
> from other departments. Your configuration would leave open a hole in
> that case.
> I'd really prefer a "safe by default" policy where only localhost is
> allowed by default, with an obvious commented-out section in the
> config file showing how to enable relaying.
> But as the package maintainer, it's your choice - your default
> configuration is certainly safe 99% of the time.
Yes, but I think Tommi is right. If I put a notice in README.Debian
and the administrator cannot figure it out, it's not my fault.
So I'll only allow relaying for localhost.
In this case maybe a statement in the policy would be nice!?
Racke happily hacks Interchange and maintains Debian packages like Courier.
For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: email@example.com; Phone: 0041-1-3884400)
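
The relay-default trade-off discussed in this thread, as an added example that is not part of the original messages or of either mail server's code: a small audit that flags every non-loopback entry in a relay allow-list and shows the cross-department case. It assumes the allow-list is a plain space- or comma-separated list of CIDR networks (one of the forms Postfix's `mynetworks` accepts); the function names and all addresses are constructed for illustration.

```python
import ipaddress

def parse_networks(value):
    """Parse a space/comma separated list of CIDR networks.
    IPv6 entries may be written in the bracketed form [addr]/len."""
    nets = []
    for tok in value.replace(",", " ").split():
        tok = tok.replace("[", "").replace("]", "")
        nets.append(ipaddress.ip_network(tok, strict=False))
    return nets

def may_relay(client_ip, networks):
    """True if a client at client_ip matches any allowed relay network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == n.version and ip in n for n in networks)

def audit(value):
    """Return (network, address_count) for each entry that lets hosts
    other than the mail server itself relay."""
    return [(str(n), n.num_addresses)
            for n in parse_networks(value) if not n.is_loopback]

# Constructed sample policies: the wide default questioned in the thread,
# and the localhost-only default the maintainer settles on.
WIDE = "127.0.0.0/8 192.168.0.0/16"
SAFE = "127.0.0.0/8 [::1]/128"

# Constructed scenario: the mail server sits in 192.168.3.0/24, the client
# is a host in another department's subnet, 192.168.7.0/24.
OTHER_DEPARTMENT_HOST = "192.168.7.20"

if __name__ == "__main__":
    for name, policy in (("wide", WIDE), ("safe", SAFE)):
        nets = parse_networks(policy)
        print(name, "findings:", audit(policy))
        print(name, "other department may relay:",
              may_relay(OTHER_DEPARTMENT_HOST, nets))
```
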