Re: Bad-Clients: definitely not working
- From: JF Mezei <jfmezei.spamnot@xxxxxxxxxxxx>
- Date: Sun, 21 May 2006 19:38:36 -0400
Phillip Helbig---remove CLOTHES to reply wrote:
Then I would have to put EVERY IP I receive email from in the
good-clients list.
Nop. The good clients list is to define your local LAN so that hosts in
the good client list can relay to the outside world. Those outside the
good clients list cannot relay to the outside world. The outside workd
is defined by the "Relay -Zones:" line in the config file which defines
to whom peoople in the world can send email to via your SMTP server
without it being considered a "relay"
Say your machines host different domains: chocolate.com and vanilla.com
You would define the relay zones to contain chocolate.com and vanilla.com.
So someone who is not on the good clients list will be allowed to send
email to anyone on @chocolate.com or @vanilla.com , but will not be
allowed to send mail to anything else.
Someone on the good clients list will be allowed to send email to anyone
to any domain.
The relay zones is essential to close the "relaying" hole.
AKA: if the TCPIP SHOW CONF SMTP says "RELAY" , then you must define the
good clients and the relay zones to make your server functional AND
safe. Without both, then people can use your server as a relay server to
send hundreds of billions of spam messages (unless you are on a microvax
II where they will only be able to send dozens of spams :-)
If TCPIP SHOW CONF SMTP shows "NORELAY" , then only email originating
from the same host as the SMTP server will be allowed to go to the
internet, and only email destined for that host will be accepted from
the internet.
So, if I send an email from my MAC via node BIKE to
bill.clinton@xxxxxxxxxxxxxx, BIKE will:?
-if TCPIP SHOW CONF SMTP says "NORELAY", then message is rejected at
the RCPT TO: bill.clinton@xxxxxxxxxxxxxx
-if TCPIP SHOW CONF SMTP shows "RELAY", then:
receiver checks to see if the MAC,s IP address is in the good clients.
If so, it allows the email.
if "MAC" is not in the good clients, it checks if "whitehouse.gov" is
in the relay zones, if not, then it
rejects the message at the RCPT TO command.
The Bad Clients: is acted upon right at the connection establishent
before the client can issue any commands. In your case, it appears that
the software ignores the bad clients because of an implicit good clients
that encompasses everything.
The good clients need only specify hosts on your LAN. They essentially
bypass much of the spam protections.
When you receive email on VMS, what IP does it come from? Is this in
your Good-Clients list?
The whole point of the good-clients list is to define which hosts can
send email to hosts that are not in your domain (aka: relay). Hosts that
are not considered "good clients" can only send email to your domain.
In essence, it defines who can send email TO you (not on the good
clients), and who can send email FROM you (on the good clients). ("you"
here is your SMTP server).
.
- Follow-Ups:
- Re: Bad-Clients: definitely not working
- From: Phillip Helbig---remove CLOTHES to reply
- Re: Bad-Clients: definitely not working
- References:
- Bad-Clients: definitely not working
- From: Phillip Helbig---remove CLOTHES to reply
- Re: Bad-Clients: definitely not working
- From: JF Mezei
- Re: Bad-Clients: definitely not working
- From: Phillip Helbig---remove CLOTHES to reply
- Bad-Clients: definitely not working
- Prev by Date: Re: OT: Woodcrest (X86-64) will ouperform all other cpus on the market says Inquirer.
- Next by Date: Re: OT: Woodcrest (X86-64) will ouperform all other cpus on the market says Inquirer.
- Previous by thread: Re: Bad-Clients: definitely not working
- Next by thread: Re: Bad-Clients: definitely not working
- Index(es):
Relevant Pages
|
