[Spambayes] Spambayes as an open mil relay ???
Jeff Epler
jepler at unpythonic.net
Mon Mar 1 16:58:08 EST 2004
On Tue, Mar 02, 2004 at 10:18:44AM +1300, Tony Meyer wrote:
> SpamBayes isn't a mail server, so can't be used in this way. All it does is
> *proxy* your existing mail server. In other words, if someone connected to
> your sb_server, what they would get is the prompt to login to your mail
> server.
>
> If your mail server (at your ISP, or wherever) allows connections from
> anywhere, then people could send via your mail server through your proxy, if
> you have not firewalled this off. However, they could do exactly the same
> thing if they just connected directly to your mail server. If this is the
> case, you should try and convince the server's administrator(s) to fix the
> problem; it's theirs, not yours.
Tony,
I think that my mail server is configured like most: for "local"
connections, mail is accepted for any destination address. For "remote"
connections, mail is accepted only for local addresses.
If a spammer connects to my smtp port, they can only send mail to local
addresses. But if a spammer connects to sb_smtpproxy.py, the address
the real smtp server sees is a local address, and it will relay to any
address.
I agree that it's best to forbid connections from outside to arbitrary
ports (this is a basic rule of firewalling), but sb_smtpproxy.py should
still only bind the local interface by default, as my earlier patch
tries to force it to do.
Jeff
More information about the Spambayes
mailing list