Peter J. Holzer wrote:Suppose a spammer registers a domain spammers-r.us, adds these DNS records: spammers-r.us MX 10 mail.spammers-r.us mail.spammers-r.us A 127.0.0.1
This is exactly what I have already seen at least once with a mainsleaze spammer. I can't find my notes, so I cannot confirm this, but I do remember that it caused my MTA issues (basically mailbombed itself trying to bounce a message).
It would be wise to try and program with this evil behavior in mind...
I agree, but there would be a lot of subnets to include, because spammers could use localhost (120.0.0.0/8), private addresses (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12) and any of the IANA reserved subnets (a lot! http://www.iana.org/assignments/ipv4-address-space)
It might be simpler to make an SMTP connection to the MX RR of the sender's domain, and maibe even do a MAIL FROM: <>, RCPT TO: $senderAddress to do a simple address check.
If the sender's SMTP server is not available, we can return a temporary error code.
Happy Holidays, GFK's -- Guillaume Filion, ing. jr Logidac Tech., Beaumont, Qu�bec, Canada - http://logidac.com/ PGP Key and more: http://guillaume.filion.org/
