Re: policy rejection problem

[Rik van Riel <riel@humbolt.nl.linux.org>]

On Mon, 21 Jun 1999, Ecol wrote:
> On Mon, 21 Jun 1999, Ecol wrote:
> 
> >>Allowing relaying should only be done on the basis of IP
> >>addresses or proper authentication, otherwise your system will
> >>be a spammers' relay before you know.
> 
> It's impossible to introduce authentification because of some
> conditions (no matter what conditions)

OK, then you're basically busted and will need to code
something up so that you can at least control the spammers
a little bit.

> >Secondly, it shouldn't be too difficult to write a proper
> >identification script so that you can acchieve what you want
> >without relying on bugs or becoming a spam relay nest...
> 
> Any detailed suggestion? What did you mean? 

There are a number of things that can be done.
- post mail through an SSH tunnel
- only allow mail from a system that's also got a telnet or ssh
  login on your system
- don't allow mail from the outside, let people login and write
  their mail from pine/mutt/etc
- use VPN software or something similar
- ...

cheers,

Rik -- Open Source: you deserve to be in control of your data.
+-------------------------------------------------------------------+
| Le Reseau netwerksystemen BV:               http://www.reseau.nl/ |
| Linux Memory Management site:   http://www.linux.eu.org/Linux-MM/ |
| Nederlandse Linux documentatie:          http://www.nl.linux.org/ |
+-------------------------------------------------------------------+