[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: More info on percent hack

On Tue, Feb 25, 2003 at 04:18:20PM -0500, Vince wrote:
> Actually,
> I've determined that anything defined in localnames is safe as long as it
> appears as a relay target in the SMTP policy.  So for example:

Ok, this has more and more feeling of the "pilot error".
And of course, system doing unexpected things when it is
used in ways that I didn't intend...

Could you send me your original dataset ?
Actually the   'smtp-policy.dat'  file  should be
enough for me to determine what was the input.

Also tell me example addresses, which relayed thru,
your MTA's primary domain name, and its IP addresses.

I have also considered altering the policy dataset internal
format a bit so that   'bar.foo'  in  localnames  is not at
all related to  'bar.foo'  in  smtp-policy.relay, or any other
file.  It will definitely need rethinking of the analysis

> If we have a localnames file that looks like this:
> mail.my.dom   mail.my.dom #actual host name
> smtp.my.dom  mail.my.dom
> abcd.my.dom  mail.my.dom
> Then mail.my.dom, smtp.my.dom, and abcd.my.dom could all be used in the
> percent hack.  The simplest way to close the hole is to add relay target
> entries for each localname in the smtp policy, like this:
> mail.my.dom   relaytarget +
> smtp.my.dom  relaytarget +
> abcd.my.dom  relaytarget +
> However, I'm not sure how other SMTP policy entries might affect the percent
> hack.
> vince puzzella
> software developer
> http://bluecatnetworks.com

/Matti Aarnio
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi