Re: Sites that block dynamic/dialups
From: Rob van der Putten (rob_at_sput.nl)
Date: 11/22/03
Date: Sat, 22 Nov 2003 15:06:22 +0100
Hi there
"D. Stussy" wrote:
> ...And how does this work when a domain has an asymmetrical mail handling system
> - i.e. dedicated INBOUND and OUTBOUND services on different machines? An
> outbound server would be connecting to you, but since it has no inbound mail
> service (accessible from the Internet at large; just the internal dial-up
> network), there's nothing to connect to. Some larger ISPs follow this model.
> This could also be true if the message is being relayed - and the relay paths
> are different for inbound and outbound mail handling.
>
> Now, if you meant to say that the verification connection would be to ANY server
> pointed to by an MX record of that domain (or the host possessing the A record
> if no MX records are present), that could still work in the asymmetrical model.
> However, relays that do not validate the username portion of the mailbox (but
> merely "store and forward") will accept ANYTHING there, so I don't see how that
> validates the mailbox. At best, it validates only that the domain is reachable.
It uses the MX.
In my experience, systems that first accept the mail and then reject it
are quite rare.
You can detect such systems by testing a random address, such as a
string based on epoch. The result of such tests can be cached.
> There may be other cases where this breaks also, such as autogenerated mail from
> various non-mail servers - e.g. my ISP sends me an e-mail when someone signs my
> web site guestbook. One can't generally e-mail back a service such as that.
Such from addresses should have an alias. So should all system users.
> Why not fatal DNS errors ("NXDOMAIN") being fatal, and transient DNS errors
> being transient?
Sounds logical.
I'll look into this.
> And a reject isn't? All rejects of any relayed message cause bounces. You
> don't necessarily know that a message has been relayed previously (depends on
> when your system issues the reject - before or after the "DATA" subcommand, and
> if after, how many "credible" Received: headers there have been). The only time
> a reject doesn't cause a bounce is when the connection is between the e-mail
> authoring client program and the [first] server. However, as the recipient
> system, you don't control that. Granted, you issue a reject and some other
> system not yours generates the bounce, but there's still a bounce. A spammer
> isn't going to connect his client directly to your server, because that allows
> you to read the IP address he's using at the time and therefore trace him.
A sending MTA might impose restrictions on the envelope from being
used, in which case a false from would have to be in the same domain.
It may also impose restrictions on the combination of origin host and
destination address. In fact, without that, it acts as an open relay.
Regards,
Rob
--
Rob van der Putten, rob@sput.nl
http://www.sput.nl/spam/spam-policy.html
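
The callout check described in the message above (probe the MX, test a random epoch-based address to spot systems that accept anything, cache that result), as an added example that is not part of the original message. The `rcpt_probe` callable, the one-hour TTL, the verdict names and the sample domains are assumptions; a real probe would issue RCPT TO in an SMTP session with the sender domain's MX.

```python
import time

CACHE_TTL = 3600  # seconds; assumed value, not from the message

class CalloutVerifier:
    """Sender callout: RCPT probe at the sender domain's MX (hypothetical helper)."""

    def __init__(self, rcpt_probe, clock=time.time):
        self.rcpt_probe = rcpt_probe  # callable(domain, address) -> SMTP reply code
        self.clock = clock
        self.cache = {}               # domain -> (accepts_anything, expiry time)

    def accepts_anything(self, domain):
        """True/False, or None when the probe got a transient (4xx) answer."""
        now = self.clock()
        hit = self.cache.get(domain)
        if hit and hit[1] > now:
            return hit[0]
        # Random mailbox derived from the epoch; it should not exist anywhere.
        code = self.rcpt_probe(domain, "probe-%d@%s" % (int(now), domain))
        if 400 <= code < 500:
            return None               # transient: retry later, do not cache
        self.cache[domain] = (code < 400, now + CACHE_TTL)
        return code < 400

    def verify(self, sender):
        domain = sender.rsplit("@", 1)[1]
        code = self.rcpt_probe(domain, sender)
        if 400 <= code < 500:
            return "tempfail"         # transient stays transient
        if code >= 500:
            return "reject"           # MX refuses the mailbox outright
        wildcard = self.accepts_anything(domain)
        if wildcard is None:
            return "tempfail"
        return "unverifiable" if wildcard else "accept"

# Constructed sample MX behaviour standing in for real SMTP sessions.
MAILBOXES = {"strict.example": {"rob@strict.example"}}
probes = []

def fake_probe(domain, address):
    probes.append(address)
    if domain == "relay.example":
        return 250                    # store-and-forward relay: accepts anything
    if domain == "busy.example":
        return 451                    # temporary failure
    return 250 if address in MAILBOXES.get(domain, ()) else 550
```

An "unverifiable" verdict means the MX answered 250 for the random address too, so its 250 for the real sender proves only that the domain is reachable.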