OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: check_relay_domains on UCE exceptions (was Re: how to bypass UCE)
From: Louis-David Mitterrand (cunctatorapartia.ch)
Date: Sun Dec 17 2000 - 04:20:32 CST

On Sun, Dec 10, 2000 at 10:21:54PM +0100, furio ercolessi wrote:
> On Sun, Dec 10, 2000 at 03:08:42PM -0600, J.D. Bronson wrote:
> > I run several forms of UCE protection on postfix, but have 2 users who need
> > unconditional email (even if it is spam)....
> >
> > what is the EASIEST way to accomplish this?
>
> smtpd_recipient_restrictions =
> [...],
> check_recipient_access hash:/etc/postfix/spammed,
> [...UCE checks you want to bypass...]
>
> with map "spammed" containing addresses of people not subjected
> to UCE checks:
>
> postmaster OK
> abuse OK
> lovespamdomain1 OK

Shouldn't that be:

        postmaster check_relay_domains
        abuse check_relay_domains

instead?

If you "OK" any mail for postmaster then you are an open relay as
mail for postmasterany-domain-on-earth.com could be relayed through
your machine.

Or am I missing something? 

-- 
    PHEDRE: Presse, pleure, gémis, peins-lui Phèdre mourante,
            Ne rougis point de prendre une voix suppliante.
                                          (Phèdre, J-B Racine, acte 3, scène 1)