[Spambayes] Spambayes as an open mil relay ???

[Tony Meyer]

> If a spammer connects to my smtp port, they can only send 
> mail to local addresses.  But if a spammer connects to 
> sb_smtpproxy.py, the address the real smtp server sees is a 
> local address, and it will relay to any address.

Good point, although don't most SMTP servers require authentication these
days?  (All the ones I have access to do, although I don't really have any
idea about anywhere else).

> I agree that it's best to forbid connections from outside to 
> arbitrary ports (this is a basic rule of firewalling), but 
> sb_smtpproxy.py should still only bind the local interface by 
> default, as my earlier patch tries to force it to do.

TimS is going to add in a patch that works like the ui, so that connections
are only accepted from a list of IP addresses/ranges (defaulting to
localhost).  He's also going to update the documentation to make it clearer
that you don't need to enter in the SMTP server details unless you actually
want to use the SMTP proxy for training (which many people don't).

=Tony Meyer

---
Please always include the list (spambayes at python.org) in your replies
(reply-all), and please don't send me personal mail about SpamBayes. This
way, you get everyone's help, and avoid a lack of replies when I'm busy.