-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daryl C. W. O'Shea wrote: > Robert LeBlanc wrote: > >> Connections arriving on port 25 can be assumed to come from >> servers with MX records, so that becomes a testable assumption and a >> precondition for connection. > > Since when? If I rejected mail on that condition I would never have > received your message.
Are you suggesting that mail.apache.org does not have a MX record associated with it? My point (taken out of context in your quote above) was that /if/ you segregate your traffic between port 25 and a submission port, such that all of your client traffic connects and authenticates via the submission port, /then/ you can tighten the restrictions on your port 25 connections, because all you should be accepting on that port thereafter is MX-to-MX traffic. Any legitimate client-to-MX traffic should be going to your submission port. - -- Robert LeBlanc <[EMAIL PROTECTED]> Renaissoft, Inc. Maia Mailguard <http://www.maiamailguard.com/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFfbx/GmqOER2NHewRAhApAJ9Ntec/vkk6SlY8DmXkwHYovbM1rACgm/Nw KWfCIXmF0MRXPsoPjYZgOjw= =TmHw -----END PGP SIGNATURE-----