
Re: rfe: automagic open relay message refusal?



On 14-Jun-01 at 20:27, Benjamin C.R. LaHaise (blah@kvack.org) wrote:

> I want to see the following happen:
> 
> > incoming SMTP connection
>      - is the ip address trusted?  yes -> accept session
>      - is the host an open mail relay? yes -> reject session, no: accept
>           - is the host in our open relay cache?
>                yes - verify and update if old or negative
>                - no: connect and check
> 
> Where connect and check involves opening an SMTP session to the remote
> server and verifying that it does not relay mail for anyone.

The problem is that checking for open relay takes much more time than
any reasonable SMTP timeout.  If remote accepts a message that does not
mean that it will be relayed.  To tell that the relay is really open,
you have to wait for the message to actually arrive at the final
destination.

A procedure that *could* be practical might be as follows: collect addresses
of remotes that come to our SMTP port and asynchronously check their
openness.  This way you will accept sessions from open relays but not for
long, no longer than your checking period (say 30min).  And this procedure
may be implemented completely independent from the smtpserver.

Eugene
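
Added example, not part of the original message and not ZMailer code: a sketch of the decoupled procedure described above, where the SMTP side only consults a verdict cache and queues unseen peers, and a separate checker fills the cache later. The class name `RelayCache`, the `probe` callback and the sample addresses are assumptions; how a peer is actually tested is left to that callback.

```python
import ipaddress
import time
from collections import deque

CHECK_PERIOD = 30 * 60  # seconds; the "say 30min" checking period from the message


class RelayCache:
    """Verdict cache consulted at connect time; the checking happens elsewhere."""

    def __init__(self, trusted_nets, clock=time.time):
        self.trusted = [ipaddress.ip_network(n) for n in trusted_nets]
        self.clock = clock
        self.verdicts = {}      # ip -> (is_open_relay, checked_at)
        self.pending = deque()  # peers waiting for the background checker
        self.queued = set()     # avoids queueing the same peer twice

    def on_connect(self, ip):
        """Return 'accept' or 'reject' without ever blocking the SMTP session."""
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in self.trusted):
            return "accept"
        verdict = self.verdicts.get(ip)
        stale = verdict is None or self.clock() - verdict[1] >= CHECK_PERIOD
        if stale and ip not in self.queued:
            self.queued.add(ip)
            self.pending.append(ip)
        # Unknown peers are accepted until the checker has a verdict;
        # a stale "open" verdict keeps rejecting until it is re-checked.
        return "reject" if verdict and verdict[0] else "accept"

    def run_checker(self, probe):
        """Drain the queue. `probe(ip) -> bool` is a hypothetical callback
        reporting whether the peer turned out to be an open relay."""
        while self.pending:
            ip = self.pending.popleft()
            self.queued.discard(ip)
            self.verdicts[ip] = (bool(probe(ip)), self.clock())
```

`run_checker` is meant to be driven from a separate process or timer, so a slow check never holds an SMTP session open.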