(My apologies if this already known, and also for not submitting a proper bug report, since I don't know how, and I don't want to risk this being overlooked.)
The smailconfig script included with smail 3.2.0.101-4.4 (in frozen) does not set the smtp_remote_allow option. As a result, any computer on the internet can relay mail through a Debian system with smail installed. Spammers take advantage of sites that are open relays to send their mass mailings for them. (So any site with an open relay is not doing the rest of the internet a big favour.) (For more information on open relays, spammers and what to do about them, consult http://maps.vix.com/tsi/.) It is my opinion that this is serious enough that it should be fixed before Debian 2.0 is released. One possible fix, even suggested in the default smail config file is to say smtp_remote_allow=localnet, which restricts relay to users on the same network as the mail server. It will not restrict incoming or outgoing mail. This is reasonable as it allows the default config to be used on a server, and minimises the risk of unwanted relay. Another fix would be to add another question to the smailconfig script. Also note that this is not fixed in smail 3.2.0.101-5, which is in unstable. Andrew Lewycky [EMAIL PROTECTED] -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
