Andy Bakun wrote:
On Tue, 2004-02-03 at 14:13, Dustin D. Trammell wrote:
Normally, I would agree with this 100%. This sounds like a perfect
case for local firewall policy. However, I can see a scenario
where you may want to define a remote host as being allowed to send
mail for your domain, but you only want your user account on that
host to be the one allowed to do it. In that case, you do not
control the firewall policy on that host, you simply have a user
account, and you only control the SPF policy for your domain. If
the admin of that host allows the users to send mail directly from
that host, you may want to make use of that and declare it as legal
in your SPF policy.
If you can not change firewall policy for a host, what are the chances
you can get identd running AND allow identd incoming through the
firewall?
On my hosts, absolutely 0% chance. I have extremely strict local
policies and do not run ident. But I'm also quite a bit more strict
than most admins I know. Some hosts that I have accounts on have NO
local firewalling policy, and at that point it would be determined by
whether or not an ident server is running. In the end, it really comes
down to the fact that the macro will only be useful if the host in
question can support it, and if it can, what would be the reason for not
using it?
---
Dustin D. Trammell
Vulnerability Remediation Alchemist
Citadel Security Software, Inc.
-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.5.txt
Wiki: http://spfwiki.infinitepenguins.net/pmwiki.php/SenderPermittedFrom/
To unsubscribe, change your address, or temporarily deactivate your
subscription,
please go to
http://v2.listbox.com/member/?listname(_at_)½§Åv¼ð¦¾Øß´ë�ù1I�í-»F�qx(_dot_)com