On Thu, May 23, 2013 at 9:47 PM, Matus UHLAR - fantomas
<uh...@fantomas.sk>wrote:
> This is not what I was saying. I have said that if someone provides IDENT
> lookups, the response will be used and the client is rewarded with avoiding
> the timeout when waiting to timeout.
I'm sorry for interpreting you in the way that you yourself let your own
servers behave in the way that you expect from others.
> Of course, using SMTP delay of e.g.
> 30 seconds may help you even if ident is working, so I encourage you to
> implement this anti-spam measure (and drop all clients who send any content
> before your server displays the greeting). I think courier has no such
> measure currently.
>
> I don't think anyone sane would "block" IDENT lookups.
Then we heartily disagree.
> You may simply not
> provide it.
It is common for non-provided services to be firewalled off with DROP rules
rather than DENY or even ACCEPT. This comes from hard-learned lessons about
permitting services on a whitelisting basis rather than blacklisting basis;
this reduces risk of damage or loss of service from several types of
attacks. It is good network maintenance practice.
You in fact say there's no need to turn ident lookups off.
No, I don't.
The SMTP client
> MUST wait at least 300 seconds,
I'm afraid you're misremembering the standard.
RFC 2821 and 5321 specify that timeouts MUST be supported, but only SHOULD
be at least 5 minutes for the initial 220 message.
https://tools.ietf.org/html/rfc2821#page-56
https://tools.ietf.org/html/rfc5321#page-65
A SHOULD requirement weighs very heavily, of course, but it means that the
RFC authors and the community have accepted the bitter fact that RFC 821
was very vague about several technological aspects that have later proven
to be of importance, and taken that into account when specifying the SHOULD
requirement rather than a MUST as you believe.
--
Jan
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
courier-users mailing list
courier-users@lists.sourceforge.net
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
