[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Postfix in unstable made my system an open spam relay

Richard Atterer <deb-devel@list.atterer.net> writes:

> On Sat, Oct 13, 2001 at 05:44:33PM +0200, Stefan Hornburg (Racke) wrote:
> > But allowing relay from 192.168.0.0/16 is OK ? I'm the maintainer of
> > the Courier mail server, where this is the default.
> 
> "It depends."
> 
> Imagine a larger company with several departments, each using a
> different 192.168.x.0 class C subnet. It is common to separate
> departments from one another to protect against internal attackers
> from other departments. Your configuration would leave open a hole in
> that case.
> 
> I'd really prefer a "safe by default" policy where only localhost is
> allowed by default, with an obvious commented-out section in the
> config file showing how to enable relaying.
> 
> But as the package maintainer, it's your choice - your default
> configuration is certainly safe 99% of the time.

Yes, but I think Tommi is right. If I put notice in README.Debian
and the administrator cannot figure it out, its not my fault.
So I'll only allow relaying for localhost.

In this case maybe a statement in the policy would be nice !?

Ciao
        Racke

-- 
Racke happily hacks Interchange and maintains Debian packages like Courier.

For projects and other business stuff please refer to COBOLT NetServices
(URL: http://www.cobolt.net; Email: info@cobolt.net; Phone: 0041-1-3884400)
Reply to: