Scenario: Individual hosts (really, virtual machines) on a network can run HTTP (web) servers that are available to the outside. (Here, available means the ability to read and write data.) The hosts can also run email (SMTP) servers available to other hosts on the network, but these are not available to the outside. Instead, all outside mail is routed to a machine named “S”, which forwards it to the internal host, and all internal mail addressed to external hosts is routed to “S”, which forwards it to the destination. There are no other servers available to the outside on “S”.
Model this scenario with an access control matrix using three hosts: “S”, “I” for a host on the network, and “O” for an outside host. Don’t forget to include the HTTP servers!
Write a command that allows “I” to exchange email directly with “O”, bypassing “smtphost” entirely.
Now consider a second host called “R” on the network. This host has just been added to the network and has no rights initially. Write a command that gives it the ability to send email to “O” if, and only if, “I” can send mail directly to “O”.
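One way to encode the scenario as an access control matrix with HRU-style commands, added here as an illustration; it is not part of the original exercise and not a model answer from its author. The right names (smtp, http_r, http_w), the function names, and the I-to-I entry standing for mail between internal hosts are assumptions.

```python
from collections import defaultdict

# Right names are assumptions for this sketch: "smtp" = may deliver mail to the
# column host's SMTP server; "http_r"/"http_w" = may read/write its HTTP server.
SMTP, HTTP_R, HTTP_W = "smtp", "http_r", "http_w"


def initial_matrix():
    """Access control matrix a[subject][object] -> set of rights for S, I, O."""
    a = defaultdict(lambda: defaultdict(set))
    a["O"]["I"] |= {HTTP_R, HTTP_W}  # outside reads/writes internal web servers
    a["I"]["I"] |= {SMTP}            # internal hosts mail each other (assumed entry)
    a["O"]["S"] |= {SMTP}            # outside mail is routed to S ...
    a["S"]["I"] |= {SMTP}            # ... which forwards it to the internal host
    a["I"]["S"] |= {SMTP}            # outbound mail is routed to S ...
    a["S"]["O"] |= {SMTP}            # ... which forwards it to the destination
    return a                         # O has no HTTP right over S


def create_subject(a, s):
    """Primitive operation: add a host that starts with no rights."""
    _ = a[s]  # touching the defaultdict creates an empty row


def allow_direct_mail(a, i, o):
    """Unconditional command: enter smtp into a[i][o] and a[o][i]."""
    a[i][o].add(SMTP)
    a[o][i].add(SMTP)


def grant_send_if(a, r, i, o):
    """Conditional command: if smtp in a[i][o] then enter smtp into a[r][o]."""
    if SMTP in a[i][o]:
        a[r][o].add(SMTP)
        return True
    return False  # condition not met: the matrix is left unchanged


def can(a, subj, right, obj):
    """True if subj holds right over obj."""
    return right in a[subj][obj]
```

The condition in grant_send_if is checked only when the command runs, so removing the right from “I” afterwards does not remove it from “R”.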