Would blocking incoming RFC1918 traffic from WAN at the firewall and blocking loopback source addresses from LAN at the local machine be a good defense-in-depth strategy? Is it in general a bad idea to rely on IP authentication for database/mail servers? I could see this exploit potentially being used by spammers to send spam mail from another domain server by using the fact that mail servers often allow senders from the local network to bypass all other authentication
Would blocking incoming RFC1918 traffic from WAN at the firewall and blocking loopback source addresses from LAN at the local machine be a good defense-in-depth strategy? Is it in general a bad idea to rely on IP authentication for database/mail servers? I could see this exploit potentially being used by spammers to send spam mail from another domain server by using the fact that mail servers often allow senders from the local network to bypass all other authentication