[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: restricted relaying

On 02-Dec-99 at 00:59, Matti Aarnio (mea@nic.funet.fi) wrote:

> > Ok. Let me explain more exactly. One of our workers had to go out
> > of the company. And sometimes he has possibility to use computer
> > with given IP.
> >
> > I want to setup that when he connects from this IP (which isn't
> > from my domain) and he says:

>   The answer is:  No, there is no mechanism in plain Policy datasets
>                   to do that.
>   HOWEVER: If you run
>      - Possibly SSL
>      - SMTP AUTH LOGIN support (possibly without mandatory SSL mode before)
>   then a successfull login at email sending (rather trivial to force
>   to be used at Netscape, and likely at M$ IE too) will enable relaying
>   never mind where the user is.
>   (I use my office workstation that way as a relay for my laptop...)


note that the guy says that his client's machine has a fixed IP address.
He *could* just add this [IP]/32 to the smtp-policy.relay.  This should
suffice, given that checking of MAIL FROM does not add much security