|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Wietse Venema (wietse
porcupine.org)
Date: Sat Mar 01 2003 - 09:57:48 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Tom Allison:
> I just got a thought.
>
> Everyone knows how postfix 2 can do a test to check the MAILFROM address
> to see if it can accept email.
>
> Isn't there some way that postfix could be manipulated so that every
> domain in HELO is tested for being an OPEN RELAY in a similar manner?
This reminds me that the tcp: lookup table still needs to be
finished. This would allow you to use a non-Postfix process as an
oracle. If it were finished, you would specify an access table
like this:
check_helo_access tcp:host:port
The server on host:port would receive queries with the HELO hostname,
and would reply with OK, DEFER, REJECT etc. as appropriate.
I didn't choose this approach for Postfix's sender/recipient address
verification because building support for probe messages into
Postfix required fewer lines of code.
> By attempting to send an open relay type of message through that
> incoming server?
>
> This is something that might be used after you test RBL for open relay
> status and if it fails as an Open Relay, then provide that information
> to RBLs to provide them with a more real time system.
>
> I am assuming that an Open Relay test takes much longer than a RBL lookup.
You betcha. There is also the problem of caching a potentially
large number of address/status information, assuming you don't
want to run this open relay test every time.
Wietse
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]