On Mon, Feb 11, 2002 at 09:44:03AM -0500, dman wrote:
> On Mon, Feb 11, 2002 at 02:28:36PM +0000, Matthew Byng-Maddick wrote:
> | This is a bad idea. What about, for example, dialup lists?
> Use or don't use the DUL as you feel appropriate. Many people feel
> that dialup users ought to be using their ISP as a relay instead of
> delivering directly anyway.
*bzzzt* wrong answer. The DULs cannot be used if you check all the
Received: headers, as they only make sense when used to this MX. Anything
else may well be a legitimate smarthost, and you have no way of knowing
this. The real RBLs and the Open Relay lists are OK for checking, but
won't necessarily DTRT.
> | It also assumes that you trust the veracity of the Received: headers
> | that your mailserver doesn't generate,
> Yeah. Likewise for all other information in an email or its envelope
> (aside from the RCPT).
Not quite the same. You know who you're talking to in an SMTP session,
you can do some checks that the sender address exists (unless they
pretend to be from yahoo, in which case you can't). You can do checks
on the recipient address. Obviously, this stuff can be faked, but the
point is that trusting Recieved: headers to tell you the right
information can get you nowhere....
MBM
--
Matthew Byng-Maddick <mbm@???> http://colondot.net/