On Wed, May 07, 2014 at 09:04:37PM +0200, Sebastian Nielsen wrote:

> About the "forgetting" of the purpose of the access file:
> Did put a comment block in the access file:
> 
> #NEVER EVER PUT ANYTHING YOU DONT WANT TO BE OPEN RELAY FOR IN THIS FILE#
> #ONLY USE PERMIT_MYNETWORKS OR SIMILIAR RESTRICTIONS#
> sebbe.eu permit_mynetworks, reject
> 
> Then I will never forget, and successors of me won't break the open relay
> prevention system.

Belt and suspenders, apply the check in smtpd_sender_restrictions,
and don't set "smtpd_delay_reject = no".  Document this requirement.

In the dedicated access file (yes, not named "access") the comments
should state that this must never return an unconditional OK for
any lookup keys.  Only "permit_mynetworks", "permit_sasl_authenticated"
or similar are acceptable, because this access file is for relay
access by sender domain, and sender domains are easy to forge, so
real access control must still be applied.

-- 
        Viktor.
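
The rule stated in the reply above (no lookup key in the sender access file may map to an unconditional accept) can be checked mechanically. The following is an added example, not code from the thread or from Postfix; the function names and the allow-list are assumptions, and the example.* entries are constructed sample data.

```python
import re

# Assumption: this allow-list holds the two conditional permits named in the
# reply; add others you rely on. Function and variable names are hypothetical.
CONDITIONAL_PERMITS = {"permit_mynetworks", "permit_sasl_authenticated"}
TERMINAL = {"reject", "defer", "dunno"}  # anything after these is reply text

SAMPLE = """\
# constructed sample; the first entry is the one quoted in the thread
sebbe.eu        permit_mynetworks, reject
example.com     OK
example.net     permit_mynetworks,
                permit
example.org     REJECT forged sender
"""

def logical_lines(text):
    """Yield (lineno, line) per access(5) entry, joining continuation lines."""
    current, start = None, 0
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank lines and comments are ignored
        if raw[0].isspace() and current is not None:
            current += " " + raw.strip()  # leading whitespace continues an entry
            continue
        if current is not None:
            yield start, current
        current, start = raw.strip(), n
    if current is not None:
        yield start, current

def audit(text):
    """Return [(lineno, key, reason)] for entries that can accept by key alone."""
    findings = []
    for lineno, line in logical_lines(text):
        fields = line.split(None, 1)
        key, rhs = fields[0], fields[1] if len(fields) > 1 else ""
        for tok in re.split(r"[,\s]+", rhs.strip().lower()):
            if tok in TERMINAL:
                break
            if tok == "ok" or tok.isdigit() or tok == "permit":
                findings.append((lineno, key, f"unconditional accept: {tok}"))
                break
            if tok.startswith("permit") and tok not in CONDITIONAL_PERMITS:
                findings.append((lineno, key, f"permit not on allow-list: {tok}"))
                break
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```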
