Subject: Re: Incessant Bounces
From: Wietse Venema (wietse porcupine.org)
Date: Wed Aug 23 2000 - 15:47:15 CDT

Sounds like this case could be solved with a very simple strategy:

- have a default "4xx try again" access rule that keeps unknown
  clients at arm's-length distance,

- have a mechanism that triggers some client verification process
  that ultimately results in a new access rule that either says
  "REJECT" or that says "OK".

The fastest path to implementation would be a new map type that
queries a daemon that replies "4xx wait" and that updates the access
map. As far as I am concerned, that daemon could be written in PERL.

    smtpd_client_restrictions =
        hash:/etc/postfix/access
        tcp:localhost:12345

I'm hacking up a tcp map type and then you guys can play with it.

        Wietse

Rask Ingemann Lambertsen:
> On 23-Aug-00 19:28:06 Brad Knowles wrote the following about "Re: Incessant Bounces":
> >At 6:49 PM +0200 2000/8/23, Rask Ingemann Lambertsen wrote:
>
> >> $ host -t MX netscap.com
> >> netscap.com mail is handled (pri=0) by mail.x1netscap.com
> >> $ host -t A mail.x1netscap.com
> >> Host not found.
>
> > Yup. So the next level of checks that will have to be
> >implemented on MTAs is to ensure that the target(s) of one or more MX
> >records actually resolves into one or more IP addresses, and we may
> >even have to take yet another step and correlate the IP addresses of
> >the target(s) of the MX record(s) back to the IP address of the
> >sender.
>
> I'm not sure what you are trying to say in the last part, but some
> domains are set up in such a way that all MX'es (usually just one) point to
> other people's mail servers, which will of course reject the messages with
> "Relaying denied" type messages. Unfortunately (?), the DNS does not have
> any reverse MX information.
>
> > If you could be truly sure that the NXDOMAIN response you got
> >wasn't caused by problems in your local resolver or your local
> >caching nameserver, then I'd agree with you.
>
> > But you can't, so I don't.
>
> You can ask the authoritative servers directly before concluding that
> the lookup failed. If the authoritative servers say it isn't there, then it
> isn't there.
>
> Regards,
>
> /________________________________T_______________________________________\
> | Rask Ingemann Lambertsen | E-mail: mailto:rask kampsax.k-net.dk |
> | A4000, 896 kkeys/s (RC5-64) | "ThrustMe" on XPilot, ARCnet and IRC |
> | Whoever said you can't multitask a Mac didn't own an Amiga |
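
The strategy above, as an added example that is not part of the original message or of Postfix: the decision logic such a daemon could use, assuming the lookup key is a domain name and that verification means checking that the MX targets resolve, as discussed in the quoted text. A local resolver failure leaves the key at 4xx instead of creating a REJECT rule. Class and function names are hypothetical.

```python
# Added example, not Postfix code; names are hypothetical and DNS answers are injected.
TEMPFAIL = "450 try again later"   # default rule for keys with no access entry

class ResolverError(Exception):
    """Local lookup failure (timeout, SERVFAIL); says nothing about the domain."""

class AccessDaemon:
    def __init__(self, lookup_mx, lookup_a):
        self.lookup_mx, self.lookup_a = lookup_mx, lookup_a
        self.access = {}    # key -> "OK" or "REJECT", the map the daemon updates
        self.pending = []   # keys waiting for verification
    def query(self, key):
        """Answer a map lookup: a stored rule, else 4xx plus a verification request."""
        if key in self.access:
            return self.access[key]
        if key not in self.pending:
            self.pending.append(key)
        return TEMPFAIL
    def verify_pending(self):
        """Run verification; only a definite DNS answer becomes OK or REJECT."""
        retry = []
        for key in self.pending:
            try:
                targets = self.lookup_mx(key) or [key]   # no MX: use the A record
                ok = any(self.lookup_a(t) for t in targets)
            except ResolverError:
                retry.append(key)   # keep answering 4xx and try again later
            else:
                self.access[key] = "OK" if ok else "REJECT"
        self.pending = retry

# Constructed DNS data; netscap.com mirrors the lookup quoted in the thread.
MX = {"netscap.com": ["mail.x1netscap.com"], "example.org": ["mx.example.org"]}
A = {"mx.example.org": ["192.0.2.25"]}

def lookup_mx(domain):
    if domain == "example.net":   # simulated local resolver failure
        raise ResolverError(domain)
    return MX.get(domain, [])

def lookup_a(host):
    return A.get(host, [])

def demo():
    d = AccessDaemon(lookup_mx, lookup_a)
    names = ("netscap.com", "example.org", "example.net")
    first = [d.query(n) for n in names]
    d.verify_pending()
    return first, [d.query(n) for n in names]
```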