I've added code to enable anti-reflection, spam filtering by domains,
and checks to make sure that mail addresses (user@stuff.domain)
have an end part which has any of IN_A,IN_MX,IN_CNAME records,
otherwise it is forged and should die.

To enable spam filtering, compile with SCRUB_SPAM=1 in the Makefile.  Add
DNS_SCREEN=1 for dns address checking. then create a file
"/var/spool/smtpd/etc/spamdomains" and give it a list of domains, e.g. 

moneyworld.com
cyberpromo.com
lamer@aol.com

lines beginning with hash marks are ignored to allow for commenting in
this, and the other config files. 

To prevent certain networks from talking to your machine,
set NO_SPAMNETS=1 and place those networks into the spamdomains
file (defaulted to /var/spool/smtpd/etc/spamnets), e.g.

cat /var/spool/smtpd/spamnets
192.168.1.
10.

To enable anti-reflection, first determins which ip networks/addresses you
want to allow to send mail anywhere. put these addresses in
/var/spoo/smtpd/etc/localnets, where networks would be the network number
with a finishing period (e.g. 10. or 192.168.1. )  and ip addresses would
be fully written out. Sorry, i was lame and wrote a relatively stupid
address comparator that doesn't do masking or / notation. I won't complain
if you rewrite it with the CIDR patch for the TIS toolkit :) 

Next, determine which domains are local and put them in
/var/spool/smtpd/etc/localdomains. 

a sample config would be:

/var/spool/smtpd/etc/localdomains:

someorg.org
somecom.com

/var/spool/smtpd/etc/localnets:

192.168.1.
10.
#
# don't forget your loopback :)
#
127.0.0.

To temporarily disable any of the above, move the file(s)  aside and that
feature will disable itself when the next daemon is spawned. 

-- craig

hagan@cih.com