[unisog] Rejecting incoming mail with from addresses in your own domain.

Steve VanDevender stevev at darkwing.uoregon.edu
Wed Jul 23 00:07:24 GMT 2003


Eric Pancer writes:
 > On Tue, 2003-07-22 at 10:47:08 -0700, Steve VanDevender proclaimed...
 > 
 > > Generally not a good idea.  The main problem is that on most OSes the
 > > stunnel connection is seen coming from localhost by your mail server,
 > > bypassing any relay checks or IP-based connection restrictions you might
 > > have.  (I think maybe stunnel on Linux does some kind of trick to make
 > > the remote address look the same to your mail server as it does to
 > > stunnel).  Spammers are already searching out machines with TLS and weak
 > > (or no) authentication to inject spam through.
 > 
 > Not entirely true.
 > 
 > Jul  1 00:11:04 mailhost stunnel[465]: spop3 connected from 10.31.113.234:49807
 > 
 > On my spop3 server using stunnel, the above output shows the remote
 > host.

You don't seem to have read my entire message where I pointed out that
stunnel uses a trick to fake the real connection address to the server
it is tunneling for.  The address-faking trick stunnel uses may even
work on other OSes than Linux, but it is still not very portable.


