RE: reject_unverified_recipient 450 error message exposes VPN addresses

From: Sheldon T. Hall (pftandem.artell.net)
Date: Fri Dec 02 2005 - 12:08:59 CST


Alex Schuilenburg says ...
>
> I have recently turned on reject_unverified_recipient for our backup MX
> host which simply acts as a relay. This was done in an attempt to cut
> down on the spam that gets queued there to non-existent local
> addresses.
>
> Unfortunately I have since found out that the 450 message any sender
> includes the internal VPN addresses and host names of the verification
> host. The message they see is:
>
> 450 <fooecoscentric.com>: Recipient address rejected: unverified
> address: host <internal name>[<internal addr>] said: 450
> <fooecoscentric.com>: Recipient address rejected: User unknown in local
> recipient table (in reply to RCPT TO command)
>
> with <internal name> and <internal addr> being names and addresses of
> hosts on our VPN.

I've seen mention of this before, and I don't get it. In your case the
machine's on a "VPN", in the other case I can remember, it was on an
unroutable (private) IP address.

In both cases, I don't see the problem. Why do you care? If your "VN" is
actually "P", or the internal IP address is unroutable, no outside
mailserver can send mail directly to it. I cannot see how some
reject-notice-receiver's knowing that I'm sending from 192.168.0.103, whose
name is mobilart3.artell.net, or that this same machine rejected something,
does the least harm.

On the other hand, the _lack_ of this information would make troubleshooting
much more difficult, especially on large sites.

Am I just insufficiently paranoid? It would be a first ....

-Shel
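
A check for the disclosure discussed in this thread, as an added example that is not part of either message: it finds the `host NAME[ADDR] said:` fragment in an SMTP reply and reports whether the quoted address is non-routable. The recipient, host name and address in the sample are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Postfix address verification quotes the downstream server's answer as
# "host NAME[ADDR] said: ..." inside the reply it returns to the SMTP client.
UPSTREAM = re.compile(
    r"\bhost\s+(?P<name>[^\s\[\]]+)\[(?P<addr>[0-9A-Fa-f:.]+)\]\s+said:")

# Constructed sample in the shape quoted in the thread (all values made up).
SAMPLE = """450 <foo@example.com>: Recipient address rejected: unverified
address: host relay-int.example.test[10.8.0.5] said: 450
<foo@example.com>: Recipient address rejected: User unknown in local
recipient table (in reply to RCPT TO command)"""


def unfold(reply: str) -> str:
    """Join a multi-line SMTP reply or a wrapped log entry into one string."""
    parts = []
    for line in reply.splitlines():
        line = line.strip()
        # Drop the "450-" / "450 " code prefix on continuation lines only.
        parts.append(re.sub(r"^\d{3}[- ]", "", line) if parts else line)
    return " ".join(p for p in parts if p)


def leaked_upstreams(reply: str):
    """Return (name, addr, internal) for each upstream host quoted in reply.

    internal is True when addr is not globally routable (RFC 1918,
    loopback, link-local, IPv6 unique-local and similar ranges).
    """
    found = []
    for m in UPSTREAM.finditer(unfold(reply)):
        try:
            ip = ipaddress.ip_address(m.group("addr"))
        except ValueError:
            continue  # bracketed text that is not an IP address
        found.append((m.group("name"), str(ip), not ip.is_global))
    return found


if __name__ == "__main__":
    for name, addr, internal in leaked_upstreams(SAMPLE):
        print(f"{name} [{addr}] internal={internal}")
```

Run against replies captured from a test delivery to a nonexistent recipient, it shows what an outside sender would see from the relay.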