Re: [Exim] AOL - SPF - and EXIM

Top Page
This message is part of the following thread:
M---+\the complete thread tree sorted by date
M...MMDavid Brodbeck at <-
M++\MMEdgar Lovecraft at ->
Delete this message
Reply to this message
Author: Richard Welty
Date:  
To: 'Exim User's Mailing List'
Subject: Re: [Exim] AOL - SPF - and EXIM
On Thu, 17 Jun 2004 08:40:01 -0400 David Brodbeck <DavidB@???> wrote:
> > From: Greg A. Woods [mailto:woods@most.weird.com]

> > > RFC2821 doesn't allow for rejecting mail just because the IP
> > > does not verify.

> > Where-oh-where did you get that bogus idea from!?!?!?

> > No RFC can ever dictate site security policies!

> I based that comment on this paragraph of RFC 2821, from section 4.1.4: 

>    An SMTP server MAY verify that the domain name parameter in the EHLO
>    command actually corresponds to the IP address of the client.
>    However, the server MUST NOT refuse to accept a message for this
>    reason if the verification fails: the information about verification
>    failure is for logging and tracing only.

and i've long wondered why that paragraph is in there, seeing as the
RFC doesn't attempt to prescribe any other site security policies.

i think it's very much out of place and obsolete. 

richard
--
Richard Welty                                         rwelty@???
Averill Park Networking                                         518-573-7592
    Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security




This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-RE: [Exim] AOL - SPF - and EXIMRE: [Exim] AOL - SPF - and EXIM->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)