OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: relay security...
From: Matthias Andree (madt.e-technik.uni-dortmund.de)
Date: Mon Dec 11 2000 - 05:43:06 CST


wietseporcupine.org (Wietse Venema) writes:

> I will change the mynetworks default, because most users will not
> figure out from the documentation what is a proper setting unless
> Postfix refuses to relay mail for them.

Wrong, users trust the "Postfix is secure out-of-the-box" claims and are
deceived when it comes to tell "mine" from "theirs".

If you expect users to read the documentation and configure postfix
nontheless, then using /32 defaults all over networks is nice. Rejected
relay submissions will alert users and administrators, and it will
actually prove things are sure.

Please put out -pl12 shortly so anyone who feels like doing so can alert
Bugtraq and CERT.

-- 
Matthias Andree