MSA & MTA & Milters Was [Re: Firewall and NAT]

Alexander Dalloz ad+lists at uni-x.org
Wed Nov 3 03:54:07 UTC 2004


On Wed, 03.11.2004 at 4:31, Ow Mun Heng wrote:

> > > How can one Explicitly bind the milters then?
> > 
> > Paul posted it recently, so did I. It is set via the sendmail.mc in the
> > sendmail.cf. See Paul's posting:
> > 
> > http://marc.theaimsgroup.com/?l=fedora-list&m=109845682807103&w=2

List:       fedora-list
Subject:    Re: Sendmail Milter Question
From:       Paul Howarth <paul () city-fan ! org>
Date:       2004-10-22 14:52:11
Message-ID: <41791E9B.6060902 () city-fan ! org>

> > http://marc.theaimsgroup.com/?l=fedora-list&m=109884722321154&w=2

List:       fedora-list
Subject:    Re: Setting up SMTP?
From:       Alexander Dalloz <alexander.dalloz () uni-bielefeld ! de>
Date:       2004-10-27 3:20:02
Message-ID: <1098847201.18072.198.camel () serendipity ! dogma ! lan>

> Thanks. (Do you have the title of your email instead? I don't have I-net
> access but I have like 40,000 mails from Fedora Mail List cached
> Locally)

See above.

> > > > >       * How much do you trust authenticating users? When malware gets
> > > > >         sent (unknown to the originator) does it send through the user's
> > > > >         MUA (eg: if users are using Outlook(R)
> > > > 
> > > > In which way is that specific for using the MSA? If you have a worm on a
> > > > Windows[tm] machine being able to use the auth data saved within the
> > > > mail program, then it does not matter whether you use the MTA or the
> > > > MSA. As server administrator you can hardly handle such cases. Only if
> > > > you have a close eye on the logs and you observe suspicious sendings.
> > > 
> > > That statement was closely related to my 1st point eg: If the MSA does
> > > not run any milters. Then it _would_ matter wouldn't it?
> > 
> > I don't understand why that depends on any milter? Sendmail handles the
> > authentication by using SASL. How should any daemon (not Sendmail
> > specific question) distinguish valid and "stolen" auth data? Do you have
> > any sophistic milter in mind?
> 
> You misunderstood me. I'm not talking about auth and the like. (meaning,
> since outlook (r) caches the auth etc.. it's meaningless actually once
> compromised) I was merely stating that MSAs (like mine) do not have
> milters bound. (at least I think it doesn't, which I need to check)

I must confess that you lost me somewhere. I do not understand your
point. If the auth data of a client/user is misused on the client side -
how should the server detect this?
  
> > You need to run the MTA on port 25 if you want to receive mail by
> > unknown users / other servers. There may be scenarios where users with a
> > "private" mail server on a dial-in line don't need to receive mail by
> > other servers. Ok, those could close the MTA.
> 
> Unless they, like me, run fetchmail to feed 
> the mails to the MTA for the milters to work

As said, the milters are available too if mail is processed via the MSA.
fetchmail can deliver the fetched mail differently than just to a
running MTA on port 25.

Alexander


-- 
Alexander Dalloz | Enger, Germany | new address - new key: 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora GNU/Linux Core 2 (Tettnang) on Athlon kernel 2.6.8-1.521smp 
Serendipity 04:41:35 up 14 days, 2:21, load average: 0.43, 0.47, 0.72 
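
The point made in the thread, that misuse of stolen auth data only shows up to someone watching the logs for suspicious sending, can be turned into a simple check. The following is an added example, not code from the thread or from Sendmail: it assumes the usual sendmail syslog layout, ties each `from=` line to the `AUTH=` line logged under the same process ID, and uses constructed log lines, hypothetical function names and an arbitrary threshold.

```python
import re
from collections import defaultdict

# Constructed sample in sendmail's usual syslog layout (not taken from the thread).
SAMPLE_LOG = """\
Nov  3 03:10:01 mail sendmail[2211]: AUTH=server, relay=pc1.example.com [192.0.2.10], authid=alice, mech=PLAIN, bits=0
Nov  3 03:10:02 mail sendmail[2211]: iA33A2aa002211: from=<alice@example.com>, size=1840, nrcpts=1, daemon=MSA, relay=pc1.example.com [192.0.2.10]
Nov  3 03:15:40 mail sendmail[2307]: AUTH=server, relay=pc2.example.com [192.0.2.20], authid=bob, mech=LOGIN, bits=0
Nov  3 03:15:41 mail sendmail[2307]: iA33FfbB002307: from=<bob@example.com>, size=912, nrcpts=25, daemon=MSA, relay=pc2.example.com [192.0.2.20]
Nov  3 03:15:43 mail sendmail[2307]: iA33FhbC002307: from=<bob@example.com>, size=915, nrcpts=30, daemon=MSA, relay=pc2.example.com [192.0.2.20]
Nov  3 03:15:45 mail sendmail[2307]: iA33FjbD002307: from=<bob@example.com>, size=910, nrcpts=28, daemon=MSA, relay=pc2.example.com [192.0.2.20]
Nov  3 03:20:10 mail sendmail[2400]: iA33KAcc002400: from=<list@example.org>, size=4096, nrcpts=1, daemon=MTA, relay=mx.example.org [198.51.100.7]
"""

# The AUTH= line carries the authenticated identity; the from= line carries nrcpts.
AUTH_RE = re.compile(r"sendmail\[(\d+)\]: AUTH=server, .*?authid=([^,\s]+)")
FROM_RE = re.compile(r"sendmail\[(\d+)\]: \w+: from=<[^>]*>, .*?nrcpts=(\d+)")


def per_authid_volume(log_text):
    """Return {authid: {"messages": n, "recipients": n}} for authenticated sessions."""
    session_auth = {}  # pid of the SMTP session -> authid (assumes no PID reuse in the window)
    stats = defaultdict(lambda: {"messages": 0, "recipients": 0})
    for line in log_text.splitlines():
        m = AUTH_RE.search(line)
        if m:
            session_auth[m.group(1)] = m.group(2)
            continue
        m = FROM_RE.search(line)
        if m and m.group(1) in session_auth:  # unauthenticated mail is skipped
            entry = stats[session_auth[m.group(1)]]
            entry["messages"] += 1
            entry["recipients"] += int(m.group(2))
    return dict(stats)


def suspicious(stats, max_recipients=20):
    """Authids whose total recipient count exceeds the (hypothetical) threshold."""
    return sorted(a for a, s in stats.items() if s["recipients"] > max_recipients)


if __name__ == "__main__":
    volume = per_authid_volume(SAMPLE_LOG)
    for authid in suspicious(volume):
        print(authid, volume[authid])
```
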