Subject: Re: pppoe(4) man page in conjunction with Postfix leaves gaping relay hole
To: Jun-ichiro itojun Hagino <itojun@itojun.org>
From: Bill Sommerfeld <sommerfeld@netbsd.org>
List: tech-userlevel
Date: 10/01/2003 21:34:57
> >     inet 80.130.149.14 -> 217.5.98.29 netmask 0xff000000
> > which causes Postfix to treat 80.0.0.0/8 as a trusted network to relay for.
> 
> 	now i see the problem.  yes, it has to be fixed (documentation fix only
> 	i suppose).

For its default policy, postfix should probably ignore the netmask
(i.e., assume a /32) on interfaces flagged as IFF_POINTOPOINT.

And I think that policy is suspect anyway -- would you want
cable-modem customers to have mailers that relay by default for the
virus-ridden infected open proxies on their cable subnet?

(would be simpler if we had IFF_EVIL/IFF_GOOD interface flags ;-) )

							- Bill
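
The policy suggested in this message, as an added example that is not part of the original post and is not Postfix's own code: trusted relay networks are derived from the interface list, with point-to-point interfaces reduced to a /32. The function names and the interface table are assumptions made for illustration; the `pppoe0` entry mirrors the ifconfig output quoted above.

```python
import ipaddress

# Flag values as defined in <net/if.h> on BSD and Linux.
IFF_UP = 0x1
IFF_POINTOPOINT = 0x10

# Constructed sample interface table: (name, flags, local address, netmask).
SAMPLE_INTERFACES = [
    ("lo0", IFF_UP, "127.0.0.1", "255.0.0.0"),
    ("ex0", IFF_UP, "192.168.1.1", "255.255.255.0"),
    ("pppoe0", IFF_UP | IFF_POINTOPOINT, "80.130.149.14", "255.0.0.0"),
]


def trusted_networks(interfaces, p2p_as_host=True):
    """Return the networks a mailer would relay for by default.

    With p2p_as_host=False the configured netmask is taken at face value,
    which is the behaviour the thread complains about. With p2p_as_host=True
    the netmask on point-to-point links is ignored and only the local
    address itself (/32) is trusted.
    """
    nets = []
    for _name, flags, addr, mask in interfaces:
        if not flags & IFF_UP:
            continue  # interfaces that are down contribute nothing
        if p2p_as_host and flags & IFF_POINTOPOINT:
            nets.append(ipaddress.ip_network(f"{addr}/32"))
        else:
            # strict=False masks off the host bits: 80.130.149.14/8 -> 80.0.0.0/8
            nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return nets


def may_relay(client, nets):
    """True if the client address falls inside any trusted network."""
    ip = ipaddress.ip_address(client)
    return any(ip in net for net in nets)


if __name__ == "__main__":
    for p2p_as_host in (False, True):
        nets = trusted_networks(SAMPLE_INTERFACES, p2p_as_host)
        print(p2p_as_host, [str(n) for n in nets], may_relay("80.1.2.3", nets))
```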