ietf-clear
[Top] [All Lists]

[ietf-clear] CSV implementation for Exim 4.

2004-12-11 07:17:22
 > I am a simple user on an old-fashioned time-sharing machine.  I run a
 > spamming smtp client on a machine run by a credible service that has
 > a good reputation.
 >
 > Does not the above convention let me spam my own host?

     Probably it does -- I hadn't though through it that far...

     But what's the problem?

     The sending SMTP client is localhost, meaning it's something under
  your own control. (I would hope your machine has a good reputation...)


look back over my description.  i'm just a user.  it's not my machine.

and i could imagine that it is also a way to get the machine to do open 
relaying of the spam to elsewhere.  (i'm stretching a bit, here, but suspect 
it's feasible.)


     But, to tell truth, I think it's far easier to deal with that by
  blocking localhost access to port 25...

     Does anything about this belong in Best Practices?

Simpler solution:  Don't build defaults into the spec, and especially no 
default host id's or addresses.


d/
--
Dave Crocker
Brandenburg InternetWorking
+1.408.246.8253
dcrocker  a t ...
www.brandenburg.com


<Prev in Thread] Current Thread [Next in Thread>