This is forwarded from another mailing list.... >So the algorithm would become, I think: > >Suppose the IP 1.2.3.4 identifies using HELO (or EHLO) as "outmx.example.com": > >1) Lookup MX records for outmx.example.com. > If the IP address of one of the returned MX hostnames is 1.2.3.4, > mark as "DHVP verified", and the connection is accepted. > If one of the records returned is "outmx.example.com. MX 0 .", > the connection is refused. > Otherwise, we continue. > >2) Lookup TXT records for _helo.outmx.example.com. > If no TXT record exists, continue with step 3. If a TXT record exists > with "DHVP:a.b.c.d", mark as "DHVP verified", and the connection is > accepted. If no matching TXT record exists (but any other TXT record > matching "DHVP:*" exists?), the connection is refused. > >3) Remove the hostname part of the FQDN, and do another MX lookup as in > step 1. If one of the returned MX hostnames has an IP address of > a.b.c.d, mark as "DHVP verified" and accept connection. Otherwise, > continue with step 3 until there are only 2 parts left in the FQDN. > (and specifically, do not treat "MX 0 ." as a refusal in this step). > >4) Optionally, repeat steps 1-3 with the FQDN outmx.example.com.HELPERDOMAIN > where HELPERDOMAIN is a suitable DNSBL-style DHVP-aiding domain. > (Any takers on this one? Adding a few big ISPs who are currently non > conforming would certainly help). Note that when repeating step 3 > with HELPERDOMAIN, do not continue up past example.com.HELPERDOMAIN > (so 2nd level below HELPERDOMAIN, in general). > >5) mark as "DHVP unverified" and let local policy determine whether or > not to accept the connection.
- To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
