John Rudd wrote:
> Robert LeBlanc wrote:
>> Connections arriving on port 25 can be assumed to come from
>> servers with MX records, so that becomes a testable assumption and a
>> precondition for connection.
>
> There are two things that are wrong with that statement.
>
> 1) MX records are a good idea, not an absolute requirement.
>
> 2) MX records are for determining a domain's incoming mail servers. The
> problem at hand is determining whether you're correctly dealing with a
> domain's outgoing mail servers.
>
> For a SOHO mail server, you might be able to assume that the incoming
> and outgoing mail servers are the same. But, that isn't necessarily
> true, and it's an assumption that doesn't scale to large organizations.

My mistake, then; thanks for the clarification. I suppose what we need, then, is something like a "TX" record for helping to identify outbound mail servers.

All of that said, though, my basic point remains--you can apply stricter assumptions to your port 25 connections once you separate out your client traffic to a submission port. Using MX records may not be the way to do this, but combinations of other tests should be possible to achieve this.

-- 
Robert LeBlanc <[EMAIL PROTECTED]>
Renaissoft, Inc.
Maia Mailguard <http://www.maiamailguard.com/>