From: Nicolas Riendeau (knightr_at_istop.com)
Date: Tue Feb 18 2003 - 20:20:35 CST


    Dean Strik wrote:
    > John Payne wrote:
    >
    >>--On Sunday, February 02, 2003 05:09:29 PM -0500 Wietse Venema
    >><wietseporcupine.org> wrote:
    >>
    >>
    >>>Uh-oh, open proxy. There are (too) many of them, and they
    >>>are actively being "traded".
    >>
    >>Could postfix alias 'POST' to 'QUIT' ? Only time you'd see POST is when a
    >>HTTP proxy is being abused to contact your mailserver.
    >
    >
    > Although I'm not Wietse, I can safely say 'no' here.
    > Try requiring HELO/EHLO (smtpd_helo_required = yes) if you're bothered
    > about non-SMTP crap. Note that some legit mail can be rejected though.

    Nah, basing myself on what I receive on the externally accessible mail server
    I maintain, this wouldn't really work.

    I would suggest using the reject_unauth_pipelining restriction...

    > Personally, I'd ignore it altogether. It doesn't pose any threat.
    >

    It doesn't pose any threat (except the possibility of receiving spam) but that's
    something which could easily be detected and acted upon...

    It looks to me like it would be very easy to add both POST and CONNECT (which
    are both used by proxies I believe) in the smtpd_cmd_table array (in smtpd.c)
    and I think I wouldn't alias it to QUIT but more to received, reply-to, etc...

    I haven't tried it yet but if I continue to receive spam from what are clearly
    open proxies I think I'll try it...

    Have a nice day!

    Nick
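
The idea floated in this message, listing POST and CONNECT in the SMTP command table so a relayed HTTP request is recognized on its first line, is modelled below as an added, standalone example. It is not code from Postfix's smtpd.c or from the poster; the struct layout, the `forbidden` flag, and the names `cmd_table`, `token_eq` and `classify_line` are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum action { ACT_HANDLE, ACT_UNKNOWN, ACT_DROP };

struct cmd_entry {
    const char *name;   /* upper-case command verb */
    int forbidden;      /* 1 = HTTP proxy verb, never valid SMTP */
};

/* Hypothetical table: layout and flag are assumptions for this example. */
static const struct cmd_entry cmd_table[] = {
    {"HELO", 0}, {"EHLO", 0}, {"MAIL", 0}, {"RCPT", 0}, {"DATA", 0},
    {"RSET", 0}, {"NOOP", 0}, {"VRFY", 0}, {"QUIT", 0},
    {"POST", 1}, {"CONNECT", 1},
    {NULL, 0}
};

/* Case-insensitive match of a length-delimited token against a verb. */
static int token_eq(const char *tok, size_t len, const char *name)
{
    if (strlen(name) != len) return 0;
    for (size_t i = 0; i < len; i++)
        if (toupper((unsigned char)tok[i]) != name[i]) return 0;
    return 1;
}

/* Classify one input line by its first whitespace-delimited token. */
enum action classify_line(const char *line)
{
    const struct cmd_entry *e;
    size_t len;
    while (*line == ' ' || *line == '\t') line++;
    len = strcspn(line, " \t\r\n");
    for (e = cmd_table; len > 0 && e->name != NULL; e++)
        if (token_eq(line, len, e->name))
            return e->forbidden ? ACT_DROP : ACT_HANDLE;
    return ACT_UNKNOWN;
}

int main(void)
{
    /* Constructed sample lines, not captured traffic. */
    const char *lines[] = {"EHLO mail.example.com\r\n", "POST / HTTP/1.0\r\n", "FOO\r\n"};
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%d\n", (int)classify_line(lines[i]));
    return 0;
}
```

Matching on the whole first token keeps addresses such as POSTMASTER from being mistaken for the POST verb; a server acting on ACT_DROP would log the client address and close the session.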