Robert LeBlanc wrote:
John Rudd wrote:
Robert LeBlanc wrote:
Connections arriving on port 25 can be assumed to come from
servers with MX records, so that becomes a testable assumption and a
precondition for connection.
There are two things that are wrong with that statement.
1) MX records are a good idea, not an absolute requirement.
2) MX records are for determining a domain's incoming mail servers. The
problem at hand is determining whether you're correctly dealing with a
domain's outgoing mail servers.
For a SOHO mail server, you might be able to assume that the incoming
and outgoing mail servers are the same. But, that isn't necessarily
true, and it's an assumption that doesn't scale to large organizations.
My mistake, then; thanks for the clarification. I suppose what we need,
then, is something like a "TX" record for helping to identify outbound
mail servers.
All of that said, though, my basic point remains--you can apply stricter
assumptions to your port 25 connections once you separate out your
client traffic to a submission port. Using MX records may not be the
way to do this, but combinations of other tests should be possible to
achieve this.
--
Robert LeBlanc <[EMAIL PROTECTED]>
Renaissoft, Inc.
Maia Mailguard <http://www.maiamailguard.com/>
SPF already does this....
--
Thanks,
James
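
An added illustration of the exchange above (not part of any message in the thread): on constructed DNS data for a hypothetical domain, the MX-only assumption rejects a legitimate outbound relay, while an SPF record authorizes it. The evaluator handles only a subset of SPF mechanisms (`all`, `mx`, `a`, `ip4`); the zone contents and function names are assumptions.

```python
import ipaddress

# Constructed DNS data for a hypothetical domain; addresses are RFC 5737 documentation ranges.
ZONE = {
    "example.org": {"MX": ["mx1.example.org"],
                    "TXT": ["v=spf1 mx ip4:198.51.100.0/28 -all"]},
    "mx1.example.org": {"A": ["192.0.2.10"]},
    "nospf.example": {"MX": ["mx1.example.org"]},
}
RESULTS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def lookup(name, rtype):
    return ZONE.get(name, {}).get(rtype, [])

def mx_addresses(domain):
    """Addresses of the domain's inbound (MX) hosts."""
    return {ip for host in lookup(domain, "MX") for ip in lookup(host, "A")}

def mx_only_check(client_ip, domain):
    """The assumption from the thread: a port 25 client must be one of the MX hosts."""
    return client_ip in mx_addresses(domain)

def spf_check(client_ip, domain):
    """Evaluate a subset of SPF (all, mx, a, ip4); no include, redirect or macros."""
    records = [t for t in lookup(domain, "TXT") if t.split()[:1] == ["v=spf1"]]
    if len(records) != 1:
        return "none" if not records else "permerror"
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in RESULTS else "+"
        mech = term[1:] if term[0] in RESULTS else term
        if mech == "all":
            matched = True
        elif mech == "mx":
            matched = client_ip in mx_addresses(domain)
        elif mech == "a":
            matched = client_ip in lookup(domain, "A")
        elif mech.startswith("ip4:"):
            matched = ip in ipaddress.ip_network(mech[4:], strict=False)
        else:
            return "permerror"  # mechanism outside this subset
        if matched:
            return RESULTS[qualifier]
    return "neutral"
```

Here 198.51.100.5 stands in for an outbound-only relay: it has no MX record, so the MX-only test turns it away, but the domain's SPF record lists its range.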