On May 3, 2006, at 12:13 AM, Steffen Kaiser wrote:
I hate this banning of dynamic addresses right away. Sure, there is no (at least not known to me) way to know, whether the host with a dynamic address is a badly or well configured end-user system,
That's actually not the issue for me. When it comes to "is it a dynamic IP address", I don't care whether or not it's a badly or well configured email address. I care whether or not it is an end-user system, or a server. If it's an end user system, and not my own end-user system, it shouldn't be making direct connections to my mail server. I have every right to make that requirement for who gets to connect to my mail server. No one, _NO_ONE_, has a right to interfere with my setting that criterion.
adsl.$a.$b.$c.$d.someisp.net is not what I expect to be the email server of any decent organization ... whether it's a company or a home mail server (btw: I am in that latter category). If you are an end-user, then you should go through your ISP's mail server. No if's and's nor but's. If you're a server, whether it's corporate, SOHO, or home enthusiast, then set up your service and system to look like one. If you don't, I don't see why I should accept email from you. So I don't.
Filtering out "poorly configured email servers" is something I catch with _other_ techniques, such as blocking RFC-Ignorant listed hosts.
but this thinking cut me off several net projects, because I couldn't communicate with the project in a reasonable way anymore.
You couldn't use a yahoo or gmail account just for those projects?
For one: If you want to use "roles" (e.g. use the Sourceforge mail address for projects hosted on SF.net, other ones for other projects a.s.o) the ISP must let the From field pass unaltered - actually I don't know one doing so without charging yet another fee.
I don't see how that's my problem. For one, I do pay a slightly higher fee in order to have a static IP address through an ISP that lets me set my PTR record to match my forward DNS. That's the price _I_ pay for having my own mail service instead of doing email through services whose processes I don't like.
If you aren't going to make that small leap in price, I don't see how that makes it my problem that you're not able to interact with various projects or servers. It's not my obligation to accept email directly from your end-user system just because you're not willing to pay a slightly higher fee.
To implement a whitelist system for well-behaved MTAs includes the assumption that those have _fixed_ IP addresses; this need not be true. I would at least give those poor people out there using a well-configured MTA on a dynamic address the chance to communicate with the world, e.g. using certificates.
I do. I wait until filter_sender, so that I can do various types of exemptions (SMTP-AUTH or by IP address). The fact that other services do their blocking during the TCP connection isn't my problem. I'm not responsible for how they run their mail servers. I'm responsible for how I run mine. Mine blocks what appear to be dynamic and end-user IP addresses, but makes room for exceptions based upon IP address and/or SMTP-AUTH.
The fact that you can't use other sites because they do this blocking in a different way doesn't make the technique I use at my site flawed. Though, while some implementations of the general technique might be either flawed or inconvenient, that's not my problem.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it.
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
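The policy described in the message above (refuse hosts whose reverse DNS looks like an end-user line, but decide only at the sender stage so that SMTP-AUTH and per-IP exemptions apply first), as an added Python example. It is not code from the post or from MIMEDefang; the keyword list, the allowlist, the function names and all sample hosts are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed heuristic: access-line keywords as a whole label or label prefix.
ACCESS_KEYWORDS = re.compile(
    r"(?:^|[.-])(?:adsl|dsl|dyn|dynamic|dhcp|dialup|ppp|pool|cable)\d*(?:[.-]|$)",
    re.IGNORECASE,
)

# Constructed allowlist (documentation range) of hosts allowed to connect directly.
EXEMPT_NETS = [ipaddress.ip_network("192.0.2.0/28")]


def embeds_ip(ptr_name, addr):
    """True if the PTR name carries the four IPv4 octets, forward or reversed."""
    if addr.version != 4:
        return False
    octets = [int(o) for o in str(addr).split(".")]
    runs = [int(r) for r in re.findall(r"\d+", ptr_name)]
    windows = [runs[i:i + 4] for i in range(len(runs) - 3)]
    return octets in windows or octets[::-1] in windows


def sender_decision(ip, ptr_name, authenticated=False):
    """Return (action, reason); exemptions are checked before the rDNS test."""
    addr = ipaddress.ip_address(ip)
    if authenticated:
        return ("CONTINUE", "SMTP-AUTH exemption")
    if any(addr in net for net in EXEMPT_NETS):
        return ("CONTINUE", "exempt IP address")
    if not ptr_name:
        # No name to judge; this check stays silent and leaves it to other filters.
        return ("CONTINUE", "no PTR name to evaluate")
    if ACCESS_KEYWORDS.search(ptr_name) or embeds_ip(ptr_name, addr):
        return ("REJECT", "reverse DNS looks like an end-user address; "
                          "relay through your ISP or authenticate")
    return ("CONTINUE", "ok")


if __name__ == "__main__":
    # Constructed sample connections: (client IP, PTR name, authenticated?)
    samples = [
        ("203.0.113.45", "adsl.203.0.113.45.someisp.net", False),
        ("203.0.113.45", "adsl.203.0.113.45.someisp.net", True),
        ("198.51.100.77", "host-77-100-51-198.isp.example", False),
        ("198.51.100.25", "mail.example.org", False),
    ]
    for ip, ptr, auth in samples:
        print(ip, ptr, auth, sender_decision(ip, ptr, auth))
```

Doing the check this late costs a little more per connection than dropping at TCP connect, but it is what lets an authenticated user on a dynamic line through.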

