Giampaolo Tomassoni wrote:
-----Messaggio originale-----
Da: Matus UHLAR - fantomas [mailto:[EMAIL PROTECTED]
...omissis...
I am really curious how do they behave when there's forged sender and
both
MTA's use this. Either they will cycle forever (so they will never know
if
either address is OK), or they will stop checking (so the spam will
pass
because spammer forged domain with SAV implemented) or the mail (even
legitimate!) just will not pass...
Once I'll try this on two or more such systems (in parallel!) and see
if
they will DoS each other...
No, Matus: they don't cycle.
An MTA willing to check the existence of a sender address would do this
before its reply after end of DATA (i.e.: after having received the
message). Instead, an MTA would inform its peer of a non-existent mailbox
after RCPT-TO (with a 5XX error code), which is well before DATA.
The checking system need not proceed to DATA in order to check the existence
of a mailbox, so there is no cycle...
I believe the more direct reason why there wont be a cycle/loop is that:
When doing SAV, the checking host should set its "Mail-From" to "<>".
So, if someone tries to send me a message from [EMAIL PROTECTED], and I
were to use SAV (which I don't), then the SAV check should have these
transactions:
HELO $MYHOST
Mail-From: <>
RCPT-To: <[EMAIL PROTECTED]>
QUIT
The reason why this shouldn't cause a loop is that RFCs specifically
state that <> a valid Mail-From, and should always be accepted.
Therefore, the other side should never reject (and therefore never
check) the validity of <> as a mail-from.
