When you declare this feature you cause the domain part of the address in $f (the
portion of the address to the right of the @ character) to be compared to the list of
hosts in the $=w class macro (?§22.6.16 on page 876). Recall that the class $=w contains
all the names by which the local host can be known. If the domain in $f is
found in that class, relaying is allowed.
The risk should be obvious. Because $f is given its value as a part of the SMTP MAIL
From: command, that address can be forged to appear local by anyone on the Internet.
That is, by declaring this feature, you are opening up your host to abuse by the
entire world.
So, why does sendmail offer this FEATURE(relay_local_from)? If you administer a site
that is behind a firewall and an Internet mail hub, and if your internal machines cannot
be contacted on any port from the outside world, you might find this a simple
way to allow global relaying within that network.
We suggest, however, that SMTP AUTH (?§5.1 on page 183) or STARTTLS (?§5.3 on page
202) will provide a safer way to authenticate local origination addresses upon which
to base the permission to relay. A safer way to relay based on connection domains is
the Connect: keyword in the access database. If you prefer a simpler solution, the
FEATURE(relay_mail_from), described next, might be just what you are looking for,
although it, too, is risky.
Pages:
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509