|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: reject_unknown_sender_domain flawed?
From: Rask Ingemann Lambertsen (rask-postfix
kampsax.k-net.dk)Date: Mon Aug 14 2000 - 23:24:09 CDT
- Next message: Rask Ingemann Lambertsen: "Re: Preventing email abuse"
- Previous message: Rask Ingemann Lambertsen: "Re: Mail get lost on temporary failure"
- In reply to: Wietse Venema: "Re: reject_unknown_sender_domain flawed?"
- Next in thread: Wietse Venema: "Re: reject_unknown_sender_domain flawed?"
- Reply: Rask Ingemann Lambertsen: "Re: reject_unknown_sender_domain flawed?"
- Reply: Wietse Venema: "Re: reject_unknown_sender_domain flawed?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Den 13-Aug-00 15:50:34 skrev Wietse Venema fĝlgende om "Re: reject_unknown_sender_domain flawed?":
>Rask Ingemann Lambertsen:
>[Charset iso-8859-1 unsupported, filtering to ASCII...]
>> Den 03-Jul-00 00:34:05 skrev Wietse Venema f_lgende om "Re:
>> reject_unknown_sender_domain flawed?":
>>
>> >No. The purpose is to reject mail from domains THAT DO NOT EXIST.
>>
>> You're nitpicking.
>If you really want 100% sender address validation, Postfix would
>have to send mail to the address and somehow find out that the mail
>actually arrived. 100% sender validation is not possible.
OK, so you're not nitpicking, just not reading my messages. Where did I
even suggest that reject_unknown_(sender|recipient)_domain should send a
probe message? Nowhere. In the message you replied to, I even said: "The
discussion was only about DNS based checks."
>The purpose of the sender domain check is to reject obvious junk,
>not to make recipients lose mail.
OK, so where we differ is in the definition of "obvious".
I can't believe that you, of all people, try to use the mail loss excuse
(for lack of better word). You should know better.
>All the more reason to rip the UCE crap out of the smtpd and to
>make the hooks available to an external scripted process so that
>crusaders can do their thing without having to patch C code.
Definitely. The kinds of misconfigurations that people create to fool
UCE checks will change more often than new releases of Postfix come out,
RBL-style domains may change in functionality as we've seen, and people
have different needs anyway. Some things that I'd like to do can't be
expressed currently, e.g. lookup up sender domain MX IP's in RBL-style
domain rejectsbounces.k-net.dk, to better map out domains of that type. And
you could spend more time on parts of Postfix which you think are more
important.
Which sort of time frame are we looking at wrt. these hooks? Which ideas
do you have about the scripting language? Some of my ideas:
- Hooks in all places where we have smtpd_*_restrictions.
- Access to all the usual info, e.g. client address, sender/recipient
address, etc.
- Functions for making DNS lookups and using the map types available to
Postfix.
Regards,
/ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻTŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ\
| Rask Ingemann Lambertsen | E-mail: mailto:raskkampsax.k-net.dk |
| A4000, 896 kkeys/s (RC5-64) | "ThrustMe" on XPilot, ARCnet and IRC |
| Es funktioniert nicht, sieht aber gut aus. |
- Next message: Rask Ingemann Lambertsen: "Re: Preventing email abuse"
- Previous message: Rask Ingemann Lambertsen: "Re: Mail get lost on temporary failure"
- In reply to: Wietse Venema: "Re: reject_unknown_sender_domain flawed?"
- Next in thread: Wietse Venema: "Re: reject_unknown_sender_domain flawed?"
- Reply: Rask Ingemann Lambertsen: "Re: reject_unknown_sender_domain flawed?"
- Reply: Wietse Venema: "Re: reject_unknown_sender_domain flawed?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]