[unisog] Rejecting incoming mail with from addresses in your own
stevev at darkwing.uoregon.edu
Wed Jul 23 00:07:24 GMT 2003
Eric Pancer writes:
> On Tue, 2003-07-22 at 10:47:08 -0700, Steve VanDevender proclaimed...
> > Generally not a good idea. The main problem is that on most OSes the
> > stunnel connection is seen coming from localhost by your mail server,
> > bypassing any relay checks or IP-based connection restrictions you might
> > have. (I think maybe stunnel on Linux does some kind of trick to make
> > the remote address look the same to your mail server as it does to
> > stunnel). Spammers are already searching out machines with TLS and weak
> > (or no) authentication to inject spam through.
> Not entirely true.
> Jul 1 00:11:04 mailhost stunnel: spop3 connected from 10.31.113.234:49807
> On my spop3 server using stunnel, the above output shows the remote
You don't seem to have read my entire message where I pointed out that
stunnel uses a trick to fake the real connection address to the server
it is tunneling for. The addresss-faking trick stunnel uses may even
work on other OSes than Linux, but it is still not very portable.
More information about the unisog