[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Forged sender test
Hi Vince,
On 11 Jan 2003 at 14:49, Vince Puzzella wrote:
> > Just note that you will reject a lot of legitimate mail.
> I am aware of the potential pitfalls of such a test. I was just wondering
> if it is at all possible.
Everything is possible in open-source world, just "man vi" :-). Maybe, those
"pitfails" just explan why this idea is still not present in standard MTA. Do
you really want to reject mail from Yahoo (REAL Yahoo, not forged)?
"...client=mta423.mail.yahoo.com[216.136.129.78]..."
For comparison, examples of real client tests (Postfix MTA):
1. HELO name must be present in DNS as valid A or MX RR.
2. Reverse DNS must exist, including "paranoid check" IP->PTR->A.
In my knowledge, all "well-maintained" mail systems satisfy those two tests,
and most (really most!) of garbage sources don't.
Alexey
> On 11 Jan 2003 at 9:52, Vince Puzzella wrote:
>
> From: "Vince Puzzella" <vpuzzella@bluecatnetworks.com>
> To: <zmailer@nic.funet.fi>
> Subject: Re: Router file naming convention
> Date sent: Sat, 11 Jan 2003 09:52:08 -0500
>
> > Is there anyway to get the zmailer smtp server to test for forged sender
> > addresses at the MAIL FROM:<> phase?
> > Essentially, I want to perform a DNS MX record query to verify that the
> > source IP is a valid mail exchanger for the sender's domain.
>
>
>
>
> -
> To unsubscribe from this list: send the line "unsubscribe zmailer" in
> the body of a message to majordomo@nic.funet.fi
>
-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi
- Follow-Ups:
- Re: Forged sender test
- From: "Vince Puzzella" <vpuzzella@bluecatnetworks.com> (Sat, 11 Jan 2003 22:53:16 +0200)