[Techtalk] multiple domains, single server

Malcolm-Rannirl rannirl-lc at otherkin.net
Wed Dec 11 19:48:41 EST 2002


On Wednesday 11 December 2002 03:56 pm, Mary wrote:

> Everyone running a mail server that I've heard of simply accepts this.
> Getting an MTA to look at people's From: address in order to determine
> its own host name seems like somewhat of a security risk to me.

Why is it a risk?
The mail comes in on the requisite IP (mail.domain1:smtp or 
mail.domain2:smtp), and only authorised users can send mail outside the 
network from outside the network (via pop-before-smtp in this case).

I suppose joe at domain1 might be able to masquerade as joe at domain2 if there are 
insufficient checks, but in this particular case that's not a problem (given 
the domains and the users). If this was a commercial setting I'd be more 
worried about it. If the only solution is to run two mail servers it's not a 
risk at all as long as the servers are set up correctly.

> In any case, many remote servers will put the result of a reverse lookup
> into the headers when they receive mail from you. Unless you can control
> which interface the mail travels out on, you won't be able to control
> this reverse lookup.

Which was the original question - is there a way to control which interface 
the mail goes out on? Preferably without having to run two separate mail 
server daemons. So far the answer seems to be not without the two daemons.











