|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Sender access restrictions by connecting back to the MX/A server(s)
From: Guido Van De Velde (Guido.VanDeVelde
cc.kuleuven.ac.be)
Date: Thu Oct 02 2003 - 03:23:20 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I understand this can all be true, but I do not agree completely. There
are several circumstances where the mx of a from-address is not
available at the time of sending the message.
I can send "work-mail" (mail with my workaddress as the from) from home
through my home-isp while the Internet-connection to my work is down (or
the other way around as well).
Furthermore such a check involves everytime on acceptance a backwards
connection. This ISP who does this here, is all day long opening and
closing connections to our incoming mailservers without sending mail. I
don't like this. In the long run I could see this as an unwanted threat
to our mailsystem.
If you have two smtp-servers in cascade (for whatever reason), the first
to accept from the Internet and to relay to the second, the second to
send to the Internet and to relay to the local mailboxes, the first will
be contacted by this external isp, but it doesn't know if an
emailaddress really exists, because that's knowledge only the second one
has. It can only confirm what the external smtp-server knows through a
"reject_unknown_sender_domain" and a "reject_non_fqdn_sender".
The mails they refuse are mainly very regular mails coming from personal
here who send those mails to their own home-mailbox located at this ISP.
As I said, every mail should have a correct from address, I know, but
this kind of checking isn't fail-proof enough. To my opinion.
If you're not able to bounce back, the mail is lost. Bad luck for the
sender. If the sender wants a garantee about delivery or a bounce
message, he should have used a correct from-address. But isn't that his
choice ?
Of course an organisation can use a policy what it wants, including
refusing mail, but I really hope this won't become the standard. (BTW,
how do you implement such a check in Postfix ?)
They should check the sending client (ip), not the sending emailaddress,
and also communicate with the client's systemadmin in case of problems.
Every from-address can be faked.
A regular mail with from like guidoNOSPAM.org to my home-mailbox is
bounced/refused, but a flame I send with a from=wietsporcupine.org is
accepted ??? Is that what we want ?
guido
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]