Subject: Re: pppoe(4) man page in conjunction with Postfix leaves gaping relay hole
To: Jun-ichiro itojun Hagino <firstname.lastname@example.org>
From: Bill Sommerfeld <email@example.com>
Date: 10/01/2003 21:34:57
> > inet 188.8.131.52 -> 184.108.40.206 netmask 0xff000000
> > which causes Postfix to treat 220.127.116.11/8 as a trusted network to relay for.
> now i see the problem. yes, it has to be fixed (documentation fix only
> i suppose).
For its default policy, postfix should probably ignore the netmask
(i.e, assume a /32) on interfaces flagged as IFF_POINTTOPOINT.
And I think that policy is suspect anyway -- would you want
cable-modem customers to have mailers that relay by default for the
virus-ridden infected open proxies on their cable subnet?
(would be simpler if we had IFF_EVIL/IFF_GOOD interface flags ;-) )