[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: More info on percent hack
On Tue, Feb 25, 2003 at 04:18:20PM -0500, Vince wrote:
> Actually,
> I've determined that anything defined in localnames is safe as long as it
> appears as a relay target in the SMTP policy. So for example:
Ok, this has more and more feeling of the "pilot error".
And of course, system doing unexpected things when it is
used in ways that I didn't intend...
Could you send me your original dataset ?
Actually the 'smtp-policy.dat' file should be
enough for me to determine what was the input.
Also tell me example addresses, which relayed thru,
your MTA's primary domain name, and its IP addresses.
I have also considered altering the policy dataset internal
format a bit so that 'bar.foo' in localnames is not at
all related to 'bar.foo' in smtp-policy.relay, or any other
file. It will definitely need rethinking of the analysis
algorithms.
> If we have a localnames file that looks like this:
>
> mail.my.dom mail.my.dom #actual host name
> smtp.my.dom mail.my.dom
> abcd.my.dom mail.my.dom
>
> Then mail.my.dom, smtp.my.dom, and abcd.my.dom could all be used in the
> percent hack. The simplest way to close the hole is to add relay target
> entries for each localname in the smtp policy, like this:
>
> mail.my.dom relaytarget +
> smtp.my.dom relaytarget +
> abcd.my.dom relaytarget +
>
> However, I'm not sure how other SMTP policy entries might affect the percent
> hack.
>
> vince puzzella
> software developer
> http://bluecatnetworks.com
/Matti Aarnio
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi