On 9/14/2019 2:26 PM, K Post wrote:
> Daniel,
> I don't think that using only the MX records (inbound addresses) for
> yahoo is going to cut it, plus yahoo uses different IP's for the same
> hostname based on geolocation.

Ok...but (here's another opportunity to display my ignorance) what's the
difference? I'm assuming (yes I know what that means) that the geo-based
IP's determine which servers are going to be talking to a group of
clients. Which in this case means...you! So what's wrong with simply
listing the MX's that appear to be configured to talk to you?

> For example, I'm finding
> mta5.am0.yahoonet.net to be 74.6.136.150,
> which isn't in your list. Your goal is the same as mine and used the
> same theory that these big boys should just have their IP's ignored for
> PB reasons. However, I don't think you're doing a particularly good job
> of excluding all of the IP's.

Probably not - but how are you inferring that? And I don't care if I
exclude *all* the IP's. I only care about mail that touches *my* server.
If the IP's for other countries aren't listed...they don't talk to me so
I don't care about them.

> [...] You are using IP's from the MX
> record for the same purpose, though as I said, I don't think that's
> capturing all that could be sending from yahoo.

Entirely possible. And I agree that a script to automate what *should*
be a simple process is a great idea. But if the @ssholes, I mean "big
boys", choose not to follow standards - our choices are limited.

> [...] If I have dns server
> access to a server that is the authorized server for a netblock, I could
> add a reverse for any controlled ip to be whatever.yahoo.com
> and pass!

If you did...they'd probably be configured correctly and we wouldn't be
having this conversation. Naive of me I suppose - at the moment I'm not
worried about Microsoft/Yahoo's DNS servers being compromised just to
send me male supplement ads.

> If a message comes from 74.6.136.150, your method wouldn't ignore the
> penaltybox / white, but mine is unlikely to as well. I don't know of a
> way to get yahoo's allowable sending IP's. If ASSP could have a regex
> in nopb and nopbwhite like *.yahoo.com that checks
> the reverse of a given IP, I believe that would solve my issue (and be
> good for yours too).

I'd love such options as well - but for me as a functional alternative
if someone complains of a mail being blocked I check and take the
appropriate action. Early in my ASSP implementation there were a number
of servers, like Yahoo, that I had to manually add to nopb.txt and such.
Honestly I haven't had an issue with such senders in quite some time.

I agree it would certainly be preferable to have a purely automated
system for updating targeted domains. It would also be great if the
larger players in this game played according to the rules. But it seems
to me we have a functional method to accomplish the goal of
blocking/passing mail even if it isn't ideal.

Other than offending our sense of elegance (which without any sarcasm
whatsoever I completely agree with!) - what exactly does not work for
you with having a static list of Yahoo (and other) IP's?
--
Daniel
_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
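
The thread raises two points: the wish for a `*.yahoo.com` match on the reverse of a sending IP, and the objection that whoever controls a netblock's reverse zone can publish any PTR name. Both are addressed by forward-confirming the PTR: the name must also resolve back to the same IP, and only the owner of the forward zone controls that. The sketch below is an added example, not ASSP code or anything posted in this thread; the function names, the `yahoo.example` domain and the DNS data are constructed so it runs offline.

```python
import socket

def ptr_names(ip):
    """Reverse (PTR) lookup; returns [] when the IP has no reverse record."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def forward_ips(name):
    """Forward (A/AAAA) lookup; returns an empty set on failure."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def in_domain(name, suffix):
    """True for the domain itself or any host below it, never a look-alike."""
    name, suffix = name.rstrip(".").lower(), suffix.lower()
    return name == suffix or name.endswith("." + suffix)

def sender_in_domain(ip, suffix, reverse=ptr_names, forward=forward_ips):
    """Accept only if a PTR name is under suffix AND it resolves back to ip."""
    for name in reverse(ip):
        if in_domain(name, suffix) and ip in forward(name):
            return True
    return False

# Constructed DNS data (documentation address ranges) so the demo runs offline.
PTR = {
    "192.0.2.10": ["mta1.mail.yahoo.example"],   # genuine sender
    "198.51.100.7": ["whatever.yahoo.example"],  # PTR set by the netblock owner
    "203.0.113.5": ["mail.notyahoo.example"],    # look-alike suffix
}
A = {
    "mta1.mail.yahoo.example": {"192.0.2.10"},
    "whatever.yahoo.example": set(),             # forward zone has no such host
    "mail.notyahoo.example": {"203.0.113.5"},
}

def demo():
    """Check every sample IP, plus one with no PTR record at all."""
    return {ip: sender_in_domain(ip, "yahoo.example",
                                 reverse=lambda i: PTR.get(i, []),
                                 forward=lambda n: A.get(n, set()))
            for ip in list(PTR) + ["192.0.2.99"]}

if __name__ == "__main__":
    for ip, ok in demo().items():
        print(ip, "match" if ok else "no match")
```
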