JT Moree a écrit :
> I was thinking of rejecting mail when the MAIL FROM is empty or set to
> <> during the MAIL FROM stage.
> 
> Is this a good or bad idea?
> Is this possible with any of the current plugins?

As said by others this is not a good idea to block all MAIL FROM: <> but
you could block illegitimate bounces using BATV or VERP. Unfortunately,
you'll need to modify qmail-remote to make it work.

See this thread:
http://beta.nntp.perl.org/group/perl.qpsmtpd/2004/09/msg1967.html

Here's a part of a message I wrote in 2004 describing BATV and VERP:
BATV stands for Bounce Address Tag Validation and VERP stands for
Variable Envelope Return Path. The principle behind these two concepts
is to validate the bounces you receive. OEvery time you send an email,
you set the envelope sender address to a one-time address only valid for
this message. If the message bounces to this one-time address, then you
know for sure what message bounced. If a forged message bounce, then you
know for sure that you never sent this message and you can bounce the
bounce. It's like SPF classic but 200 lbs lighter. Of course, this
implies that all of your outgoing email came from authorized servers
(who had the BATV/VERP key).

More infos:
http://cr.yp.to/proto/verp.txt
http://mipassoc.org/batv/

Also, where can I find your PGP key? I can't find it in any of the key
servers I know.

Cheers,
GFK's
-- 
Guillaume Filion, ing. jr
PGP Key and more: http://guillaume.filion.org/

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to