I think it's true (Re: [Spambayes] Spambayes as an open mail relay???)

Coe, Bob rcoe at CambridgeMA.GOV
Tue Mar 2 09:56:24 EST 2004


On Mon, 1 Mar 2004 14:57:56 -0600, Jeff Epler <jepler at unpythonic.net> 
wrote:
> On Mon, Mar 01, 2004 at 06:34:54PM -0000, Lee Edward Armstrong wrote:
>> However today I came back to my PC after work and saw my net connection 
>> being hammered.... Looked into what my firewall said and the only thing 
>> running was spambayes!
>
> I didn't want to believe this, but it looks like it might be the case.

And Tim Stone replied:
> This isn't really a hole in spambayes smtpproxy; the smtp server that it's 
> proxying is an open relay, and that's the problem.  We'll put an option in 
> that attempts to control where the smtpproxy accepts connections from.
> 
> In the meantime, unless you use the smtpproxy for training purposes, it is 
> absolutely not necessary.  Simply leave the smtpproxy servers and ports 
> list empty on the configuration page, and it won't make those connections, 
> and all is well... this is the default configuration.

And after a bit more discussion, Tim followed up:
> Ok, you've convinced me. <wink>  If you deconfigure the smtp server names 
> and ports on the config page, this connection will drop.  I'm going to fix 
> the smtpproxy so that it by default only allows connections from localhost.

But the ability to restore the SMTP forwarder to its full functionality still lurks as an attractive nuisance, right? Given that you don't need to allow the proxy to forward SMTP mail except for training, how much functionality does that use require? In other words, could you still use the proxy for training, even if you permanently defeated its ability to forward mail not originating on localhost? If not, can you rig the port usage so that enabling the feature for training doesn't allow incoming mail to be relayed? In any case, it would be a good idea to include a warning with the ability to turn forwarding back on.

Bob

MIS Department, City of Cambridge
831 Massachusetts Ave, Cambridge MA 02139  ·  617-349-4217  ·  fax 617-349-6165
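
An added example, not part of this message and not SpamBayes code: one way a proxy listener can enforce the localhost-only default discussed above, by binding to loopback and checking each peer address before any SMTP is passed upstream. The names `peer_allowed`, `serve_once`, `make_listener` and `LOOPBACK_ONLY` are hypothetical.

```python
import ipaddress
import socket

# Assumed default policy: loopback only (IPv4 127.0.0.0/8 and IPv6 ::1).
LOOPBACK_ONLY = ("127.0.0.0/8", "::1/128")


def peer_allowed(peer_ip, allowed=LOOPBACK_ONLY):
    """Return True if peer_ip falls inside one of the allowed networks."""
    try:
        # Drop any IPv6 zone id ("fe80::1%eth0") before parsing.
        addr = ipaddress.ip_address(peer_ip.split("%", 1)[0])
    except ValueError:
        return False  # unparseable peer address: fail closed
    # A dual-stack socket reports IPv4 clients as ::ffff:a.b.c.d; unwrap them
    # so an IPv4 rule cannot be sidestepped (or missed) by the mapped form.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    for net in allowed:
        network = ipaddress.ip_network(net, strict=False)
        if addr.version == network.version and addr in network:
            return True
    return False


def serve_once(listener, handler, allowed=LOOPBACK_ONLY):
    """Accept one connection; pass it to handler only if the peer is allowed."""
    conn, peer = listener.accept()
    if not peer_allowed(peer[0], allowed):
        conn.close()  # refuse before any SMTP dialogue reaches the real server
        return False
    handler(conn)
    return True


def make_listener(port=0, bind_host="127.0.0.1"):
    """Bind to loopback by default so remote hosts cannot connect at all."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((bind_host, port))
    s.listen(5)
    return s
```

Binding to loopback and filtering the peer address are independent layers: the filter still holds if the bind address is later widened for training from another machine.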


