Re: [Asrg] whitelisting server and not users

[Steven F Siirila <sfs@tc.umn.edu>]

On Wed, Apr 02, 2003 at 04:06:32PM -0500, Kee Hinckley wrote:
> At 3:00 PM -0600 4/2/03, Steven F Siirila wrote:
> >It "breaks" it no more than adding just the TXT record itself in 
> >that both must
> >be configured by the DNS administrator in order to pass the "good MTA" 
> >test.
> 
> Sorry, I misread the proposal.  I thought it was finding the 
> authenticating domain by looking at envelope.  Not from reverse 
> looking up the IP address.  In that case you're right--they both 
> break too many systems.  :-)
> 
> Too many ISPs don't provide reverse DNS to their customers, but do 
> allow mail servers.  And many of those that do provide reverse DNS, 
> reverse it to their own domain, not the sender's domain.

Not a problem here since we also look up the EHLO name.  If that resolves
to the caller's IP address, it counts as good as a PTR record in our book.

> envelope -> domain -> lookup ip at domain
> 
> I think can work.  Straight reverse IP lookups are harder.
> -- 
> Kee Hinckley
> http://www.messagefire.com/          Junk-Free Email Filtering
> http://commons.somewhere.com/buzz/   Writings on Technology and Society
> 
> I'm not sure which upsets me more: that people are so unwilling to accept
> responsibility for their own actions, or that they are so eager to regulate
> everyone else's.
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg

-- 

Steven F. Siirila			Office: Lind Hall, Room 130B
Internet Services			E-mail: sfs@umn.edu
Office of Information Technology	Voice: (612) 626-0244
University of Minnesota
_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg