Open Relay Checker before Opening MTA
Matthew Hawkins
matthew at topic.com.au
Mon Feb 11 10:22:33 EST 2002
On Sun, 10 Feb 2002, Daniel McNamara wrote:
> Due to a recent ugly incident where one of my work place mail servers was
> blacklisted for being an open relay (nothing major it was for some reason
> accepting null <> users to send mail bypassing IP range checks)
Heh, a misconfiguration based on good intentions.
Note that the internet standard says you MUST accept mail to the null
sender. This is how bounces are sent. BUT note that the null sender is
ALWAYS the *envelope* sender, and NEVER the *message header* sender (the
message header sender is usually changed to "MAILER-DAEMON" or sometimes
"postmaster")
Some people are confused by the two, and always accept mail to the
message header null sender, making them an open relay. It's a
surprisingly common misconfiguration. If you want to be truly correct,
you should, rather, always *reject* mail from the message header null
sender. It will *never* be null for legitimate mail.
--
Matt
More information about the linux
mailing list