Re: Broadband querry

Quoting Philip Reynolds (philip.reynolds@xxxxxxxxxxxxxxx):

> Apart from the sneaky tests you mentioned, one other advantage is
> something that Niall mentioned in one of his original posts. Some
> people don't have access to external machines.
> 
> In an example business LAN environment, the MTA will more than
> likely be less restrictive as to what can be done from within the
> LAN (relaying being one of the most common examples).

Er, while the point is valid for the more _general_ case of security
testing, when you're talking specifically about mail relaying, you can
do basic testing (which is pretty much all you should need) right from
localhost.  And that's generally what I do.  That is, from the console
of uncle-enzo.linuxmafia.com, I telnet into port 25 of
uncle-enzo.linuxmafia.com, and attempt to coax the MTA into accepting
mail addressed From: user$FOREIGN_DOMAIN1, To: user@FOREIGN_DOMAIN2.
If it is willing to do that, then it relays.  (If it doesn't, yes, it
might be vulnerable to one of those sneaky methods, but -- to a first 
approximation -- it doesn't do relaying.)

In any event, one would actually be best served by understanding one's
MTA, as the primary protection.  I do the relay check just as a sanity
check, to ensure that I haven't screwed up in some horrible and peculiar
fashion that for some bizarre reason I've failed to spot.

And, much as I respect Paul Vixie, I feel better about conducting my own
security checks, thanks.

-- 
Cheers,     Founding member of the Hyphenation Society, a grassroots-based, 
Rick Moen   not-for-profit, locally-owned-and-operated, cooperatively-managed,
rick@xxxxxxxxxxxxxx     modern-American-English-usage-improvement association.
-- 
Irish Linux Users' Group
http://www.linux.ie/mailman/listinfo/ilug/