Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Edgar Lovecraft
Date:  
À: exim-users
Sujet: Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?
(I am combining two emails into one here...)
Email one:

Tom Kistner wrote:
>
> Edgar Lovecraft wrote:
>
> > Why are these issues??? Am I the only person that knows how to setup
> > DNS PTR records for "virtual" servers that go through NAT??
>
> Not the only one. But you are one member of a very exclusive class. You
> know what you do. That also includes many of those who are on this list.
> For each of us there are 20 others who are clueless, and yet they are
> doing network administration jobs.
>

Well now, thanks for the compliment :)
This I do know too, as I educate those admins that cannot send email to
our clients, and there are many that need it.
But I think that my point still stands, it can be done, it is really not
that hard to do, and those that are clueless will either learn, get their
email rejected, or pay some money to someone who can make it work.
>
> In the coporate world, you can't afford to lose mail, even from
> technical cretins. Because you want their money.
>

Yes, I know, I do this in the coporate world and why I have learned to live
with things as they are, much to my frustration... sigh...
It would be a good opertunity for some enterprising person to make money :)
----------------------------------
Email two:

Tom Kistner wrote:
>
>Edgar Lovecraft wrote:
>
> > So see, if SPF requires proper DNS PTR records, why not just start
> > there to begin with?
>
> If they use 'ptr'. They can also announce raw IP blocks. People using
> 'ptr' should have control over their reverse zones.
>
> If you are a small company with less then a full /24 network, you'll
> probably not get the reverse zone delegated to one of your servers.
>
> My point was that many companies running mail servers do not have access
> to their own reverse zone. Sure, they can pester their ISP. But they
> usually have easy access to their forward zone(s), so they can use SPF,
> and they don't have to use 'ptr' in their SPF TXT records.
>

These are also the same companies that tend to have 'broken' MTA's now, so
why would they become 'un-broken' with SPF, if they are broken as it is,
because and admin does not know how to setup a proper MTA, what make anyone
think that the same admin will be able to implement SPF properly? As it
is, these systems do not get 'fixed' currently as everyone takes their
email now, that is just shameful. We should not be accepting email from
non RFC compliant servers, but most of us feel that 'we have to' because if
we do not, then customers complain. Now, you take a couple of the "big
ISP's" and have them say you must comply, I can then take my smaller user
base, and see, MSN, AOL, etc do this, so I am not making it up that so-and-
so is running a misconfigured server.
As to the DNS PTR records, I have never had any problem with any of our
customers getting their DNS PTR records setup (even when our customer has
DNS through another hosting service or ISP).
Perhaps there are really bad ones out there, and yes I have even had to
contact customers DNS providers and tell them HOW a 'record' should look,
but any hsoting service/ISP that wants to stay in business is going to
help thier customers 'get it right', or risk losing them.
The bottom line for me is really this, it is much easier for a person to
install a web server (notice I did not say 'secure' or 'proper') and get
proper DNS for the IP, than it is for a person to install an MTA and get
proper DNS for the IP, as there is more involed with the MTA than the web
server. Lets face it and preach it, SMTP is not 'as easy as it looks'.

--
By the way, if I never had thanked you before, thanks for all the work you
do on exiscan and other things for the exim community! :)
--EAL--