In message <20020131120330.C27501@slab.gascol.cs.ubc.ca>, Brian de Alwis writes
:
>On 2002.01.29 19:53:17 -0500, Steven M. Bellovin wrote:
>> I think you're ok with what you're doing.  Anti-relay provisions don't 
>> make decisions based on source address -- that's too easily spoofed -- 
>> but on where the mail arrived.  
>
>Well I gave it a try (I use an almost identical set-up to yourself),
>and it did work. Which is great.
>
>But I find this a bit puzzling -- I thought anti-relay meant that it
>would only relay for e-mail to or from someone within its relaying
>domains. I.e. smtp.cs.ubc.ca would only relay for e-mail to or from
>addresses of the form <*@*.cs.ubc.ca>.  So they instead check that
>the machine sending the e-mail is within the domain? But then how
>does e-mail sent *to* people within cs.ubc.ca from outside get accepted?

I oversimplified:  it uses domain names for destination addresses, but 
IP address for origination.  Someone is an insider if they are (a) on 
the right network(s), which is (presumably) under the control of the 
administrator, or (b) receiving mail in that domain, which is 
definitely under administrative control.  You can't use domain name for 
source-checking, or the spammers will send all their mail as being from 
root@cs.ubc.ca or what have you.  Heck, they'd just send it as being 
from root, and let the sending site fill in its domain name.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com