Subject: Re: pppoe(4) man page in conjunction with Postfix leaves gaping relay
To: None <>
From: Jun-ichiro itojun Hagino <>
List: tech-userlevel
Date: 10/02/2003 09:39:52
> the pppoe(4) man page suggests:
>       A typical /etc/ifconfig.pppoe0 file looks like this:
>             [...]
>             inet
>             [...]
> At first, I simply adopted this example, with the effect that my pppoe0
> interface had a netmask of 0xff000000. This went completely unnoticed. I
> also run Postfix. As per Postfix' default configuration ($mynetworks
> parameter):
> # You can specify the list of "trusted" network addresses by hand
> # or you can let Postfix do it for you (which is the default).
> This means Postfix looks at each interface and uses the ip/mask as an
> indication of trust to allow relaying. I only noticed this when doing
> postconf(1) one day to browse through options wrt fixing another problem.
> I think it's clear that with a pppoe0 interface with mask 0xff000000 any
> user of your provider (and likely more) is allowed to relay through you
> per default, which is unacceptable imho. will not match any source address.  am i mistaken?