Subject: Re: pppoe(4) man page in conjunction with Postfix leaves gaping relay
To: None <TeCeEm@gmx.de>
From: Jun-ichiro itojun Hagino <firstname.lastname@example.org>
Date: 10/02/2003 09:39:52
> the pppoe(4) man page suggests:
> A typical /etc/ifconfig.pppoe0 file looks like this:
> inet 0.0.0.0 0.0.0.1
> At first, I simply adopted this example, with the effect that my pppoe0
> interface had a netmask of 0xff000000. This went completely unnoticed. I
> also run Postfix. As per Postfix' default configuration ($mynetworks
> # You can specify the list of "trusted" network addresses by hand
> # or you can let Postfix do it for you (which is the default).
> This means Postfix looks at each interface and uses the ip/mask as an
> indication of trust to allow relaying. I only noticed this when doing
> postconf(1) one day to browse through options wrt fixing another problem.
> I think it's clear that with a pppoe0 interface with mask 0xff000000 any
> user of your provider (and likely more) is allowed to relay through you
> per default, which is unacceptable imho.
0.0.0.0/8 will not match any source address. am i mistaken?