Re: Marc: use SPF to prevent backscatter? Was RE: [AMaViS-user] Q about mail proxy servers and setups

2007-09-24 Thread mouss
Michael Scheidell wrote: One thing I would like to see (and this is a different subject: Marc: take note: Id like to NOT BOUNCE an email back to the victim of backscatter if they bothered to publish SPF or SENDER ID records that don't match the incoming. It's the other way around. you

Re: [AMaViS-user] Q about mail proxy servers and setups

2007-09-24 Thread Jo Rhett
On Sep 23, 2007, at 5:17 PM, Michael Scheidell wrote: Anyone have an answer that isn't obvious? I already said I can't put it on the proxy. No, you didn't. You mentioned that as an option. And stop being rude to people who answer the question you asked. -- Jo Rhett Net Consonance :

Re: Marc: use SPF to prevent backscatter? Was RE: [AMaViS-user] Q about mail proxy servers and setups

2007-09-24 Thread Clifton Royston
On Sun, Sep 23, 2007 at 08:31:04PM -0400, Michael Scheidell wrote: One thing I would like to see (and this is a different subject: Marc: take note: Id like to NOT BOUNCE an email back to the victim of backscatter if they bothered to publish SPF or SENDER ID records that don't match the

RE: Marc: use SPF to prevent backscatter? Was RE: [AMaViS-user] Q about mail proxy servers and setups

2007-09-24 Thread Michael Scheidell
If whoever's responsible for the proxy is not able to implement normal recipient validation, I think this makes a good case that they aren't able to keep it running adequately. Its worse, we have to feed it to 'yap' (yet another proxy) and THAT proxy also does no recipient validation, so

Re: [AMaViS-user] Q about mail proxy servers and setups

2007-09-23 Thread Jo Rhett
Every problem you've named here is solved by putting Amavis/SA on the proxy instead of the internal system. If the proxy doesn't do the spam-checking, and the internal system does I can name a dozen other problems that will occur, the most important of which will be backscatter. 2-step relay

Re: [AMaViS-user] Q about mail proxy servers and setups

2007-09-23 Thread Clifton Royston
On Sun, Sep 23, 2007 at 01:50:43PM -0400, Michael Scheidell wrote: Sometimes a large company will have a proxy server set up in the DMZ and then send it to their internal mail server. ... #1, SPF. SPF helo, SENDERID The proxy will be adding a received header, and announcing 'HELO/EHLO'

RE: [AMaViS-user] Q about mail proxy servers and setups

2007-09-23 Thread Michael Scheidell
Anyone have an answer that isn't obvious? I already said I can't put it on the proxy. -- Michael Scheidell, CTO Office: 561-999-5000 x 1259 Direct: 561-939-7259 Real time security alerts: http://www.secnap.com/news _ This

Marc: use SPF to prevent backscatter? Was RE: [AMaViS-user] Q about mail proxy servers and setups

2007-09-23 Thread Michael Scheidell
One thing I would like to see (and this is a different subject: Marc: take note: Id like to NOT BOUNCE an email back to the victim of backscatter if they bothered to publish SPF or SENDER ID records that don't match the incoming. (and, yes, this would NOT work behind a proxy) I would like the