Hi,

the pppoe(4) man page suggests:

EXAMPLES
      A typical /etc/ifconfig.pppoe0 file looks like this:

            [...]
            inet 0.0.0.0 0.0.0.1
            [...]

At first, I simply adopted this example, with the effect that my pppoe0
interface had a netmask of 0xff000000. This went completely unnoticed. I
also run Postfix. As per Postfix' default configuration ($mynetworks
parameter):

# You can specify the list of "trusted" network addresses by hand
# or you can let Postfix do it for you (which is the default).

This means Postfix looks at each interface and uses the ip/mask as an
indication of trust to allow relaying. I only noticed this when doing
postconf(1) one day to browse through options wrt fixing another problem.

I think it's clear that with a pppoe0 interface with mask 0xff000000 any
user of your provider (and likely more) is allowed to relay through you
per default, which is unacceptable imho.

The pppoectl(8) man page makes the same mistake. Simply adding 'netmask
0xffffffff' to the above /etc/ifconfig.pppoe0 line fixes this and should
be reflected in the man pages, especially in examples that newbies like
me are going to copy&paste.

How would I get this change implemented now? send-pr with a diff of the
man page source files?

-- 
Of course it runs NetBSD.

PGP key: 42A5E773 / 41DE 4A4C DB34 33F7 2044  8FE0 91AA C584 42A5 E773