--- On Mon, 3/25/13, David F. Skoll <[email protected]> wrote:
> On Mon, 25 Mar 2013 13:53:34 -0700 (PDT) [email protected] wrote:
> > Although this will issue a QUIT when an error is returned, it does
> > NOT do so when the transaction succeeds to the point where 'DATA' is
> > normally issued.  There are at least two blacklisting DNSBLs that
> > track systems that track callbacks and the failure to issue QUIT.
> > This is a good way to get listed and therefore banned.
> 
> Two comments:
> 
> 1) Read the MIMEDefang source, not the purported source as published
> by a poster on this list.

I was responding directly to what was posted to the list, which has the defect.
 
> 2) md_check_against_smtp_server is intended to be used against servers
> you control.  If you want to blacklist your own MIMEDefang relay...

That may have been your intent for adding the function, but it can easily be 
abused to perform callbacks to random servers, especially when used to test the 
sender's address for validity as a return address.  If it were to be limited to 
servers under one's control and enforced as such, the routine would have to 
obtain the recipient's MX-RRset internally and test all higher-priority MTAs; 
thus it would not need the remote host address parameter.  It would determine 
which host in the MX-RRset it is running on based on the macro variables passed 
in via the milter interface.
_______________________________________________
NOTE: If there is a disclaimer or other legal boilerplate in the above
message, it is NULL AND VOID.  You may ignore it.

Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list [email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
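
The selection step proposed in the reply above (look up the recipient domain's MX RRset, find the relay's own entry, and test only the higher-priority hosts) can be sketched as follows. This is an added example, not MIMEDefang code and not from the thread; the function names, the `local_names` parameter (standing in for the hostname learned from the milter macros) and the MX records are constructed for illustration.

```python
# Added example: constructed data and hypothetical names, not MIMEDefang code.

def _norm(host):
    """Compare DNS names case-insensitively and without the trailing dot."""
    return host.rstrip(".").lower()

def callback_targets(mx_rrset, local_names):
    """Return the MX hosts this relay may probe for a recipient domain.

    mx_rrset    -- list of (preference, exchange) tuples for the domain
    local_names -- names this relay is known by (assumed to come from the
                   milter macros or local configuration)

    The result is empty unless this relay is itself listed in the RRset,
    which is what keeps the check limited to domains it relays for.
    """
    local = {_norm(n) for n in local_names}
    own = [pref for pref, exch in mx_rrset if _norm(exch) in local]
    if not own:
        return []          # not an MX for this domain: no callback at all
    floor = min(own)       # best (lowest) preference value we hold
    # A lower preference number means higher priority. Hosts at our own
    # preference or worse are skipped, as in normal MX loop avoidance.
    better = sorted((pref, _norm(exch)) for pref, exch in mx_rrset
                    if pref < floor and _norm(exch) not in local)
    return [exch for pref, exch in better]

# Constructed MX RRset using reserved example domains.
SAMPLE_MX = [
    (10, "mail1.example.org."),
    (10, "MAIL2.example.org."),
    (20, "relay.example.net."),
    (30, "backup.example.com."),
]

if __name__ == "__main__":
    print(callback_targets(SAMPLE_MX, ["relay.example.net"]))
    print(callback_targets(SAMPLE_MX, ["mail1.example.org"]))
    print(callback_targets(SAMPLE_MX, ["mx.unrelated.example"]))
```

With this shape the caller never supplies a remote host address: a relay that is not in the domain's RRset, or that already holds the best preference, gets an empty target list.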
