Re: preventing relaying from outside?
On Thu, 2 Oct 1997, Greg Andrews wrote:
> As soon as you decide you must block unauthorized relaying, you
> need to make a list of customers' domains. Otherwise, you'll
> wrongly block mail from an outside site to a customer's domain.
>
> I suggest that you make a policy of relaying mail for only the
> domains where your DNS servers are the primary or secondary (or
> both). Such domains require you to configure your DNS servers
> anyway, so you will be notified when to add domains to your mail
> servers, and when to delete them. If your lan-lan customers want
> to register domain names that don't use your DNS servers, they
> must also be prepared to accept the mail on their own servers.
>
> You can make exceptions, of course, but the policy makes sure you
> are notified when a customer adds a new domain, so your mail servers
> will relay for it. If the customer fails to notify you of a new
> domain, it's not your fault the mail is refused.
This blocking by domain name seems like a pretty lame idea, being that you
can block by IP address, which strikes me as a much better idea. Anybody
can "spoof" a domain name, but IP address spoofing can be quite
effectively filtered at the router level.
James Smallacombe Internet Access for Bucks County
james@xxxxxxx And Philadelphia, PA.
PlantageNet Internet Ltd. http://www.pil.net
"I'll plant Plantagenet, root him up who dares." 3Henry Vi, I,i
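
The two checks discussed in this thread (recipient domain and connecting IP address), combined into one relay decision, as an added example that is not part of the original messages. The networks, domains and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample policy data: documentation address ranges and example domains.
CUSTOMER_NETWORKS = [ipaddress.ip_network(n)
                     for n in ("192.0.2.0/24", "198.51.100.0/25")]
HOSTED_DOMAINS = {"customer-a.example", "customer-b.example"}


def domain_of(address):
    """Return the lower-cased domain of an envelope address, or '' if it has none."""
    address = address.strip().strip("<>")
    if "@" not in address:
        return ""
    return address.rsplit("@", 1)[1].rstrip(".").lower()


def relay_decision(client_ip, mail_from, rcpt_to):
    """Return (accepted, reason) for one recipient of an SMTP transaction.

    client_ip is taken from the TCP connection. mail_from and rcpt_to are
    text supplied by the client, so only rcpt_to is matched, and only
    against the list of domains this server is responsible for.
    """
    ip = ipaddress.ip_address(client_ip)
    # Outbound: customers on known networks may send to any destination.
    if any(ip in net for net in CUSTOMER_NETWORKS):
        return True, "client is on a customer network"
    # Inbound: outside hosts may deliver only to domains hosted here.
    if domain_of(rcpt_to) in HOSTED_DOMAINS:
        return True, "recipient domain is hosted here"
    # mail_from is deliberately ignored: a claimed sender domain is
    # free-form input and must never unlock relaying.
    return False, "relaying denied"


if __name__ == "__main__":
    samples = [  # constructed test transactions
        ("203.0.113.9", "someone@outside.example", "user@customer-a.example"),
        ("192.0.2.17", "user@customer-a.example", "friend@outside.example"),
        ("203.0.113.9", "user@customer-a.example", "target@outside.example"),
    ]
    for sample in samples:
        print(sample, "->", relay_decision(*sample))
```

The third sample claims a customer sender domain from an outside address and is refused, while the first shows why an IP-only rule would turn away legitimate inbound mail for a hosted domain.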