Firewall and NAT

Ow Mun Heng Ow.Mun.Heng at wdc.com
Wed Nov 3 01:05:29 UTC 2004


On Tue, 2004-11-02 at 17:00, Paul Howarth wrote:
> On Mon, 2004-11-01 at 18:55, Leonard Isham wrote:
> > I suspect that these are the reasons sendmail.org recommends firewalling MSA:
> > 
> > Meant to be less strict on standards compliance
> >     * Addresses don't have to be fully qualified
> >     * Hostnames don't have to be fully qualified
> >     * Don't require "required" headers, e.g. Message-ID: and Date: 
[SNIP]
> Hence the advice of firewalling it off from external
> clients. However, there is another way to prevent this, i.e. by setting
> up the MSA with the "a" daemon flag, like this:
> 
> FEATURE(`no_default_msa')dnl
> DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
> 
> The "a" flag makes the MSA require authentication from any client
> connecting to it. This is how to ensure that only genuine roaming users
> with the right username/password can access the MSA, without leaving it
> open to anybody attempting local delivery.

Hey Paul...
	How did you locate the M=Ea option. Is it anywhere in the sendmail doc?
(not online meaning)




More information about the fedora-list mailing list