From: Greg A. Woods (woodsweird.com)
Date: Thu Oct 02 2003 - 00:00:12 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ On Thursday, October 2, 2003 at 00:31:28 (+0200), Guido Van De Velde wrote: ]
> Subject: Sender access restrictions by connecting back to the MX/A server(s)
>
> For instance a mail from userhost where host does exist and has regular
> dns A and PTR records, but its tcp/25 is protected by our firewall. I
> know it should be userdomain with mx'es reacheable from Internet, but
> is it up to someone else to judge on that ?

If you are talking about the SMTP envelope sender address, i.e. the
address your mailer gives with its "MAIL FROM:" command, then yes,
absolutely. Als sender address really must be routable on the public
Internet. I.e. the MX (or if your DNS is too lame to have MX RRs for
all mail domains, then the A RR) for the domain in a sender address must
exist and the target host must answer on port 25 and must accept e-mail
for that address.

While I personally don't condone active verification of sender addresses
during the incoming SMTP transaction, I really don't like to to accept
e-mail with an invalid sender address and when I do end up with
undeliverable bounces I record the failed addresses and refuse to accept
any more e-mail from them in the future.

As Wietse says, there is no requirement for any site to accept e-mail
with an invalid sender address.

If your internal infrastructure is too complex to allow for all e-mail
leaving your site to always have valid sender addresses then you should
simplify your internal infrastructure! Too much complexity is not good
regardless of whether it is the root cause of this problem or not.

--
                                                Greg A. Woods

+1 416 218-0098 VE3TCP RoboHack <woodsrobohack.ca>
Planix, Inc. <woodsplanix.com> Secrets of the Weird <woodsweird.com>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]