
Re: Trouble using "sendmail" w/ inetd for incoming mail



On Thu, 1 Aug 1996, Matti Aarnio wrote:

> Brian Fisk wrote about zmailer sendmail:
> > Looking through the sendmail source, I noticed that the -bs option fires
> > up the smtpserver in interactive mode with the -i option, but without any
> > of the options specified in the SMTPOPTIONS variable.
> > 
> > Matti, is this a feature for 2.99.33?
> 
> 	Original problem fix is, but would you elaborate on
> 	what you want to be done regarding the SMTPOPTIONS ?
> 	To be fed to the smtpserver program ?

Yes. You specify the SMTPOPTIONS variable in the zmailer.conf file, so
that when you type "zmailer smtpserver", it is started with the options
you specify.  But when you start up a server in standalone mode via the
"sendmail -bs" command, none of these commands are passed in to the
subsequent smtpserver call. Specifically:

      (path is set to the path to the smtpserver program).
      execl(path, "smtp-in", "-i", (char *)NULL); 

It makes sense to also pass in the arguments specified in zmailer.conf,
doesn't it? For example, how do you tell it where to log without the -l
option?

> 	How about integrating tcp-wrapper into the server itself ?

All the better--it would cut down on the overhead of firing up another
copy every time there is an incoming connection.
 
> 	By the way, why it is needed ?   To provide a stopgap against
> 	SPAMers ? Would not some smarter way be better ?  Say, to
> 	accept all doubtful messages, and then to place them into
> 	some manual pre-inspection area instead of normal router ?
> 	(I am doubtful of its effectiveness, as at SPAM-war there
> 	 is no advanced warning on which to add wrapper rules...)

We use it for a variety of security reasons.  If the machine is a mail
exploder, for example, then you only want to receive mail from a handful
of trusted hosts. Using header information isn't very useful, because it
can be easily forged.  It's more secure to deny service based on their IP
address.  Rather than allowing from all and then denying certain hosts,
you deny from all and then allow certain hosts. 

Manual pre-inspection is out of the question if you're dealing with
thousands of messages per day.



-- Brian Fisk * bfisk@netspace.org * http://www.netspace.org/users/bfisk --
        You're not going crazy, you're going sane in a crazy world!
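
The request in the message above, passing the configured SMTPOPTIONS words along with "-i" when `sendmail -bs` execs the smtpserver, sketched as an added example; it is not part of the original message and is not ZMailer's code. The function name `build_smtp_argv`, the `MAX_ARGS` limit and the sample option value are assumptions, and the caller is assumed to have already read the SMTPOPTIONS value from zmailer.conf.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_ARGS 32

/* Fill argv with "smtp-in", "-i", then each whitespace-separated word of
 * opts (the SMTPOPTIONS value; may be NULL). opts is cut up in place and
 * must outlive argv. Plain word splitting, no quote handling (assumption).
 * Returns the argument count, or -1 if the words do not fit in max slots. */
int build_smtp_argv(char *opts, char *argv[], int max)
{
    int argc = 0;
    if (max < 3) return -1;
    argv[argc++] = "smtp-in";
    argv[argc++] = "-i";
    while (opts != NULL && *opts != '\0') {
        opts += strspn(opts, " \t\n");      /* skip leading blanks */
        if (*opts == '\0')
            break;
        if (argc >= max - 1)
            return -1;                      /* refuse, do not truncate */
        argv[argc++] = opts;
        opts += strcspn(opts, " \t\n");     /* find end of word */
        if (*opts != '\0')
            *opts++ = '\0';
    }
    argv[argc] = NULL;
    return argc;
}

int main(int argc, char *argv[])
{
    char opts[] = "-l /var/log/smtpserver.log";   /* constructed sample value */
    char *child[MAX_ARGS];
    int n = build_smtp_argv(opts, child, MAX_ARGS);
    if (n < 0) {
        fprintf(stderr, "too many SMTPOPTIONS words\n");
        return 1;
    }
    for (int i = 0; i < n; i++)
        printf("argv[%d] = %s\n", i, child[i]);
    if (argc > 1) {                 /* path to smtpserver given by the caller */
        execv(argv[1], child);
        perror("execv");            /* only reached if the exec failed */
        return 1;
    }
    return 0;
}
```

Using `execv` with a built vector replaces the fixed argument list of the `execl` call, so the `-l` logging option reaches the server on the inetd path as well.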