Javier <axioma@...> wrote:

[No authentication for MX sync]
> isn't that a bit insecure? in the sense that you are sharing
> your greylist database with anyone who uses you as peer?
> or you have to choose that IP as your peer as well in order
> to share the db file?

It will only accept connexions from hosts you have listed as peer in your config file. Of course this will be defeated by someone doing IP spoofing, but if the spammer is able to perform IP spoofing between your MX, then he does not need to hijack the greylist database sync in order to inject spam.

If you reached the situation where your MX authenticate to each other before accepting mail through SMTP, then MX sync will lower your security if you don't encapsulate it in SSL or IPsec. If you don't use SMTP authentication between your MX, that changes nothing.

> juergen, so milter-greylist takes only the first Received-line,
> but would it be possible for milter-greylist to take the second one
> if the first one showed an IP that is included as a peer in the
> config file?

milter-greylist doesn't read the Received lines, it just sees where the network connexion is coming from. Received lines can be completely forged.

--
Emmanuel Dreyfus
There are 10 kinds of people in the world: those who understand binary and those who don't.
manu@...
Message
Re: [milter-greylist] Re: Working with multiple MX
2004-08-09 by manu@netbsd.org
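The peer check described in the message above, as an added example in C that is not milter-greylist's own code and not part of the original post: a sync connection is accepted only when the address reported for the socket matches a configured peer, and nothing inside the message is consulted. The function names and the peer addresses (documentation ranges) are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed peer list (documentation addresses), as if read from config. */
static const char *const sample_peers[] = { "192.0.2.10", "2001:db8::25" };

/* Store IPv4 as ::ffff:a.b.c.d so it also matches on a dual-stack listener. */
static void map4(unsigned char out[16], const void *a4)
{
    memset(out, 0, 10);
    out[10] = out[11] = 0xff;
    memcpy(out + 12, a4, 4);
}

static int parse_addr(const char *text, unsigned char out[16])
{
    struct in_addr a4;
    if (inet_pton(AF_INET, text, &a4) != 1)
        return inet_pton(AF_INET6, text, out) == 1;
    map4(out, &a4);
    return 1;
}

/* 1 if the connection source is a listed peer. Only the address the kernel
 * reports for the socket is used, never anything written in the message. */
int sync_peer_allowed(const struct sockaddr *sa,
                      const char *const *peers, size_t npeers)
{
    unsigned char src[16], want[16];
    if (sa->sa_family == AF_INET)
        map4(src, &((const struct sockaddr_in *)sa)->sin_addr);
    else if (sa->sa_family == AF_INET6)
        memcpy(src, &((const struct sockaddr_in6 *)sa)->sin6_addr, 16);
    else
        return 0;
    for (size_t i = 0; i < npeers; i++)
        if (parse_addr(peers[i], want) && memcmp(src, want, 16) == 0)
            return 1;
    return 0;
}

/* Try a textual source address, presented as a dual-stack socket reports it. */
int allowed_from(const char *src)
{
    struct sockaddr_in6 s6 = { .sin6_family = AF_INET6 };
    return parse_addr(src, s6.sin6_addr.s6_addr) &&
           sync_peer_allowed((const struct sockaddr *)&s6, sample_peers, 2);
}
```

As the message notes, this check is only as strong as the source address itself, so it does not replace SSL or IPsec where the MX hosts already authenticate to each other.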