On Tue, 2004-11-02 at 17:00, Paul Howarth wrote: > On Mon, 2004-11-01 at 18:55, Leonard Isham wrote: > > I suspect that these are the reasons sendmail.org recommends firewalling MSA: > > > > Meant to be less strict on standards compliance > > * Addresses don't have to be fully qualified > > * Hostnames don't have to be fully qualified > > * Don't require "required" headers, e.g. Message-ID: and Date: [SNIP] > Hence the advice of firewalling it off from external > clients. However, there is another way to prevent this, i.e. by setting > up the MSA with the "a" daemon flag, like this: > > FEATURE(`no_default_msa')dnl > DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl > > The "a" flag makes the MSA require authentication from any client > connecting to it. This is how to ensure that only genuine roaming users > with the right username/password can access the MSA, without leaving it > open to anybody attempting local delivery. Hey Paul... How did you locate the M=Ea option. Is it anywhere in the sendmail doc? (not online meaning)
