John Rudd wrote:
> Robert LeBlanc wrote:
>> Connections arriving on port 25 can be assumed to come from
>> servers with MX records, so that becomes a testable assumption and a
>> precondition for connection.
> 
> There are two things that are wrong with that statement.
> 
> 
> 1) MX records are a good idea, not an absolute requirement.
> 
> 2) MX records are for determining a domain's incoming mail servers.  The
> problem at hand is determining whether you're correctly dealing with a
> domain's outgoing mail servers.
> 
> For a SOHO mail server, you might be able to assume that the incoming
> and outgoing mail servers are the same.  But, that isn't necessarily
> true, and it's an assumption that doesn't scale to large organizations.

My mistake, then; thanks for the clarification.  I suppose what we need,
then, is something like a "TX" record for helping to identify outbound
mail servers.

All of that said, though, my basic point remains--you can apply stricter
assumptions to your port 25 connections once you separate out your
client traffic to a submission port.  Using MX records may not be the
way to do this, but combinations of other tests should be possible to
achieve this.

--
Robert LeBlanc <[EMAIL PROTECTED]>
Renaissoft, Inc.
Maia Mailguard <http://www.maiamailguard.com/>
