On Fri, Mar 1, 2013 at 5:33 AM, Tim March <span dir="ltr"><<a href="mailto:march.tim@gmail.com" target="_blank">march.tim@gmail.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"><div class="im"><div>On 1/03/13 12:22 PM, Heinz N wrote:<br>
</div>
<blockquote type="cite">IMHO : If the ausnog SMTP MTA relays for <a href="http://ausnog.net" target="_blank">ausnog.net</a>,
then the external spammer can pretend to be FROM <a href="http://ausnog.net" target="_blank">ausnog.net</a>,
sending TO <a href="http://ausnog.net" target="_blank">ausnog.net</a>. The SMTP agent will then relay with no
questions asked. No pwnage required.
</blockquote>
<br></div>
This is a Bad Thing
<span>™</span> from a security perspective. Imagine the
amount of spam you'd get if Google allowed unauthenticated
localdomain relay for <a href="http://gmail.com" target="_blank">gmail.com</a>.<br></div></blockquote><div><br></div><div>Umm.. They do. It's called "inbound email".</div><div><br></div><div><div><div>
scott@zaphod:~$ telnet <a href="http://gmail-smtp-in.l.google.com">gmail-smtp-in.l.google.com</a> 25</div><div>Trying 2607:f8b0:4001:c02::1a...</div><div>Connected to <a href="http://gmail-smtp-in.l.google.com">gmail-smtp-in.l.google.com</a>.</div>
<div>Escape character is '^]'.</div><div>220 <a href="http://mx.google.com">mx.google.com</a> ESMTP pd3si9862485icb.71 - gsmtp</div><div>helo there</div><div>250 <a href="http://mx.google.com">mx.google.com</a> at your service</div>
<div>mail from:<<a href="mailto:march.tim@gmail.com">march.tim@gmail.com</a>></div><div>250 2.1.0 OK pd3si9862485icb.71 - gsmtp</div><div>rcpt to:<<a href="mailto:march.tim@gmail.com">march.tim@gmail.com</a>></div>
<div>250 2.1.5 OK pd3si9862485icb.71 - gsmtp</div></div></div><div><br></div><div> Scott</div><div><br></div></div>