[unisog] Rejecting incoming mail with from addresses in your own domain.

Paul Heinlein heinlein at madboa.com
Tue Jul 22 02:23:56 GMT 2003


On Mon, 22 Jul 2003, Russell Fulton wrote:

> Some of us have a few hosts that handle all (or most of ) our off
> campus mail and it should not be difficult to configure these to
> drop incoming mail with from addresses which appear to be internal.
>
> One problem I can see with this is that we have individuals who are
> off campus (for what ever reason) who are using our MTAs as their
> SMTP servers.  We are planning to provide SSL wrapped, authenticated
> SMTP for this and we would treat such connections as internal.
>
> Any other gotcha that anyone can think off?

When one of our faculty members was in mainland China, commercial
Internet cafes were his only option for e-mail access. At least one of
the cafes provided browsers only capable of 40-bit SSL. He was able to
find a more suitable kit at a cafe down the street, but until he did
so, he was locked out of our SSL infrastructure, which demands 128-bit
crypto.

Anyway, traveling faculty or students away on holiday might get bit by
that sort of policy.

Question: are you planning to do smtp auth on port 25 or 587?

--Paul Heinlein <heinlein at madboa.com>



More information about the unisog mailing list