|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Sender Verification Doc
From: Victor Duchovni (Victor.Duchovni
MorganStanley.com)
Date: Wed Nov 01 2006 - 21:32:52 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, Nov 01, 2006 at 10:18:52PM -0500, David Cary Hart wrote:
> I think that SV is a terrible idea to begin with. I will
> spare you the rant. Nevertheless:
>
> "By default, Postfix probe messages have
> postmaster$myorigin" as the sender address. This is SAFE
> because the Postfix SMTP server does not reject mail for this
> address."
>
> That doesn't make sense to me. Doesn't that presuppose that the
> probed server is running Postfix or am I suffering from a senior
> moment? The concept makes sense - just not the explanation.
Think harder, if the receiving machine also does SAV, the probe sender,
will be probed in turn (now as a recipient), it is important to not
reject it (your own probe sender) in this context, or to apply SAV to
the remote probe sender (whatever it may be), when the *recipient* is the
local probe sender.
> "You can change this into the null address
> ("address_verify_sender ="). This is UNSAFE because address
> probes will fail with mis-configured sites that reject MAIL
> FROM: <>, while probes from 'postmaster$myorigin' would
> succeed."
>
> While I agree, that's not limited to mis-configured servers.
> Rejecting null sender seems to be the most effective means of
> eliminating backscatter. Is that an errant conclusion on my part?
Yes, because not all bounces are "backscatter", and severely breaking
mail delivery (in this case delivery error reporting) is not an acceptable
anti-abuse measure.
I don't use SAV either, and don't recomment it, but I also don't recommend
premature criticism. When in doubt, ask rather than accuse. When looking
at something in detail for the first time, be in doubt.
--
Viktor.
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the "Reply-To" header.
To unsubscribe from the postfix-users list, visit
http://www.postfix.org/lists.html or click the link below:
<mailto:majordomopostfix.org?body=unsubscribe%20postfix-users>
If my response solves your problem, the best way to thank me is to not
send an "it worked, thanks" follow-up. If you must respond, please put
"It worked, thanks" in the "Subject" so I can delete these quickly.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]