This is a discussion on Message-ID:Reply-To:References:MIME-Version:Content-Type:In-Reply-To; b=b+BkcgSNS/ovTPT/k4mv74wCTzGEa9lN9ahHbT+3WsSttndHiORHEQT1riil2GwYXz 3kvxrOkunfepWMVguzhGOGZBbVGJN3D7SwF5oGWPNXjgvfMJVi fSom1Cl9FR8pokxcvCi1Vn989YTxFdkZv7isMbH7n1UwXRUzCh Isgg0= - SpamAssassin ; On Fri, Nov 07, 2008 at 04:45:57PM +0100, mouss wrote: > >> With hostnames there is a bigger change of failure (by just using a domain >> instead of exact hostname, letting f.e. dialup users from the domain forge >> ...
On Fri, Nov 07, 2008 at 04:45:57PM +0100, mouss wrote:
>
>> With hostnames there is a bigger change of failure (by just using a domain
>> instead of exact hostname, letting f.e. dialup users from the domain forge
>> the path).
>
> not sure I understand. people can't easily forge their rdns (in the
What I meant was more of a configuration error from admin.
I.e. whitelist_from_rcvd *@foo.bar orange.fr domain.wl
We already know this is a bad way (maybe dynamic orange users) even
currently. I don't know if there is much chance of second+ level failure, it
could be overlooked more easily:
whitelist_from_rcvd *@foo.bar smtp*.orange.fr domain.wl
Maybe domain.wl has dynamic users or some other bad servers? Who knows. I
agree it's a bit far fetched and easily corrected when spotted. Maybe there
could be even an failsafe option to detect "bad" received hosts.
I probably would start using this if implemented. Hostname support also in
trusted_networks would be especially handy. Good ideas, too little time to
code..
