[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: restricted relaying

To: Matti Aarnio <mea@nic.funet.fi>
Subject: Re: restricted relaying
From: Eugene Crosser <crosser@online.ru>
Date: Thu, 2 Dec 1999 13:10:23 +0300 (MSK)
cc: "E.Colanski" <ecol@ibud.vr9.com>, zmailer@nic.funet.fi
In-Reply-To: <19991201235813.B27839@nic.funet.fi>
Reply-To: Eugene Crosser <crosser@online.ru>
Sender: crosser@ariel.sovam.com

On 02-Dec-99 at 00:59, Matti Aarnio (mea@nic.funet.fi) wrote:

> > Ok. Let me explain more exactly. One of our workers had to go out
> > of the company. And sometimes he has possibility to use computer
> > with given IP.
> >
> > I want to setup that when he connects from this IP (which isn't
> > from my domain) and he says:

>   The answer is:  No, there is no mechanism in plain Policy datasets
>                   to do that.
> 
> 
>   HOWEVER: If you run
>      - Possibly SSL
>      - SMTP AUTH LOGIN support (possibly without mandatory SSL mode before)
>   then a successfull login at email sending (rather trivial to force
>   to be used at Netscape, and likely at M$ IE too) will enable relaying
>   never mind where the user is.
>   (I use my office workstation that way as a relay for my laptop...)

Matti,

note that the guy says that his client's machine has a fixed IP address.
He *could* just add this [IP]/32 to the smtp-policy.relay.  This should
suffice, given that checking of MAIL FROM does not add much security
anyway.

Eugene

References:
- Re: restricted relaying
  - From: Matti Aarnio <mea@nic.funet.fi>

Prev by Date: Re: restricted relaying
Next by Date: Miraculous problem, possibly BAD!
Prev by thread: Re: restricted relaying
Next by thread: Re: restricted relaying
Index(es):
- Date
- Thread