in reply to Re: Re: Re: Matt's scripts strike again
in thread Matt's scripts strike again

A firewall won't keep someone from using a CGI program to send mail. Also, if my colo company thought FTP to be more secure than SSH, I'd have to change colo companies.


Christopher E. Stith

Re: Re: Re: Re: Re: Matt's scripts strike again
by hardburn (Abbot) on Dec 10, 2003 at 14:30 UTC

    A firewall won't keep someone from using a CGI program to send mail.

    There are application-layer firewalls that would do it, but in practice, there isn't much you can do about that.

    if my colo company thought FTP to be more secure than SSH, I'd have to change colo companies.

    Agreed, but it wasn't my decision.

    ----
    I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
    -- Schemer

    : () { :|:& };:

    Note: All code is untested, unless otherwise stated

      There are application-layer firewalls that would do it, but in practice, there isn't much you can do about that.

      True, but since you want to be able to use the program for its intended purpose -- to let people connect to the web server and have the program send out E?SMTP mail -- then your transport level or even application-level firewall would have to be configured very specifically. It would also have to be changed every time the program was to send to a new recipient with a different MX host. The extra load on both the machine and the admin would be a nightmare if you had a number of valid recipients in a number of different domains.

      So as you said, in practical terms, there's not much you can do. It's less work and cost to fix the problem in the program than to work around it with tools insufficient to properly address the problem.



      Christopher E. Stith