Re: IIS SMTP - is open relay prevented?
- From: "Ken Schaefer" <kenREMOVE@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 30 Nov 2007 14:41:44 +1100
"Sanford Whiteman" <swhitemanlistens-software@xxxxxxxxxxxxxxxxxxxxx> wrote in message news:op.t2c8ifvl6c17zw@xxxxxxxxxxxxxxxxxxxxxxx
> As it is, your current configuration is probably the easiest to
> maintain.
Laziest to maintain != Easiest to maintain. It's one thing to
streamline your configuration, it's another to have no audit trail or
security boundaries because you run everything in the same context.
Web developers need to get used to the uncomfortable idea of _somebody
else_ running their code, whether that be a customer or a hacker. That
means knowing *which* web application sent mail from 127.0.0.1. On a
server with innumerable posting acceptors running under the same
context, an accidentally open HTTP-SMTP proxy is almost impossible to
track down.
Alternatively, if there's only a single web application, and this is compromised, then you gain very little from SMTP AUTH since the attacker is merely manipulating what the web application is permitted to do anyway.
Cheers
Ken