
Re: FW: (REPOST) Sendmail 8.11 configuration/security issue

From: <john65(at)pobox.com>
Date: Tue Jan 07 2003 - 10:06:21 EST


<snip>
> -----Original Message-----

All I said was that these products will not stop the forging of email. I didn't say that they don't do other things or that they're not useful products, or that they can't be used to allow remote users to do authenticated relaying from untrusted networks.

>
>
> The problem as I understand it:

Sure. You could write a sendmail ruleset to prevent this too (there are attempts of varying quality findable via groups.google.com). You can also write sendmail rulesets to bounce all mail with 'DUCK' in the subject line, but that won't protect you from all offensive content. My point was that it 'breaks stuff' and it doesn't solve the problem of forged email except maybe for a single domain, or a list of domains. Lots of perfectly legitimate mail is floating around where the relay doesn't 'match' the return address. How do you decide?

I'm coming from the school that says unsigned (and/or unencrypted) email should not be used for 'business directives' anyway (for a variety of reasons) and that's what I tell clients. I don't think it's that hard to convince people of this. Our users aren't stupid. They just need to have things explained to them.

>
> Also see:

I think this _particular_ link speaks about relaying, not forging?

        " My own networks The mynetworks parameter lists all networks
        that this machine somehow trusts. This information can be used
        by the anti-UCE features to recognize trusted SMTP clients that
        are allowed to relay mail through Postfix. "
Received on Tue Jan 7 11:51:59 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:03:34 EDT
