At 15:45 7/12/2003, Davide Libenzi wrote:

> > As I understand it, the parameter to HELO/EHLO is treated as a domain name,
> > and an MX lookup is done on that domain. If *any* MX record is returned,
> > processing continues. If *no* MX records are returned, then an A lookup is
> > done. If an A record is found, processing continues, otherwise we get the
> > ENODNS error.
>
> Before MX and eventually, on failure A record. But not on the HELO domain,
> but on the sender domain.
OK, what I wanted to propose is having a flag that will:

1) Take the name supplied on the HELO/EHLO and
2) Attempt to retrieve all MX records for that name - if the name supplied is not a valid DNS name, or there are no MX records for the name, fail.
3) Check to see if any one of the retrieved MX records match the connecting IP address. If not, fail.

There is a movement afoot to propose a new RFC for the purpose of combating/controlling spam by means of allowing mail transfer only from machines which meet either of the following two criteria:

1) The name supplied to HELO has an MX record which resolves to the connecting IP address
2) The connecting IP address has a valid, specially formatted TXT record associated with it (the details on exactly what the TXT record would contain have not yet been settled)

The only problem with implementing it now is that some domains (especially larger domains - such as AOL) will currently fail the test because they use outbound mail servers which do not have MX records. But it would be possible to whitelist such servers for the interim, should it be desirable to receive mail from them - and I believe that checking for a valid MX matching the HELO name and the connecting IP address would *significantly* reduce incoming spam (not to mention email borne viruses)....

So, what do you think? Any interest?
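The three-step HELO/MX check proposed above, written out as an added example (not code from the thread or from XMail). It uses a constructed toy DNS zone in place of a real resolver so it runs offline; the whitelist covers the AOL-style relays the message mentions, and the optional `allow_a_fallback` switch models the MX-then-A behaviour discussed in the quoted reply, which the proposal itself does not include.

```python
import ipaddress
from typing import Dict, List, Tuple

# Constructed toy DNS zone standing in for the resolver; keys are (name, rtype).
# MX values are bare target hostnames (preference values are ignored here).
FAKE_DNS: Dict[Tuple[str, str], List[str]] = {
    ("mail.example.net", "MX"): ["mx1.example.net", "mx2.example.net"],
    ("mx1.example.net", "A"): ["192.0.2.10"],
    ("mx2.example.net", "A"): ["192.0.2.11"],
    ("relay.example.org", "A"): ["198.51.100.5"],  # outbound relay with no MX
}


def lookup(name: str, rtype: str) -> List[str]:
    """Return records for name/rtype from the toy zone (empty list if none)."""
    return FAKE_DNS.get((name.lower().rstrip("."), rtype), [])


def helo_mx_check(helo: str, peer_ip: str, whitelist=(), allow_a_fallback=False):
    """Return (accepted, reason) for the proposed HELO/MX check.

    1) take the HELO name, 2) fetch its MX records (fail if the name is not a
    domain or has no MX), 3) accept only if one MX host resolves to the
    connecting IP. Whitelisted peers bypass the check entirely.
    """
    try:
        peer = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False, "bad-peer-ip"
    if any(peer == ipaddress.ip_address(w) for w in whitelist):
        return True, "whitelisted"
    helo = helo.strip().lower().rstrip(".")
    if not helo or " " in helo or "." not in helo:
        return False, "helo-not-a-domain"
    hosts, source = lookup(helo, "MX"), "mx"
    if not hosts:
        if not allow_a_fallback:
            return False, "no-mx-records"
        hosts, source = [helo], "a"  # fall back to the A record of the name
    for host in hosts:
        for addr in lookup(host, "A"):
            if ipaddress.ip_address(addr) == peer:
                return True, f"{source}-match:{host}"
    return False, f"no-{source}-match"
```

Plugging a real resolver into `lookup` turns this into the flag the message asks for; the whitelist is what keeps legitimate relays without MX records from being rejected in the meantime.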
