RE: [Asrg] MXs Used As Authentication - Why RMX?
I believe it is fairly common for inbound and outbound systems to be
quite different. In fact, I see that even though this mail is coming
from my MSN account (seabird@msn.com), I am unable to use the MSN SMTP
service. MSN has a rule that demands that my current IP address be an
MSN recognized IP address before they will accept email. In other words
they will not relay from anyone. So my POP3 server is an MSN POP3
server, but my SMTP server is my cable provider's SMTP server. All this
is further complicated because for my home business, using an entirely
different set of domains, my SMTP and POP3 servers are my own domain
servers hosted elsewhere.
Chris
> -----Original Message-----
> From: asrg-admin@ietf.org [mailto:asrg-admin@ietf.org] On Behalf Of Sabahattin Gucukoglu
> Sent: Monday, August 25, 2003 3:13 AM
> To: asrg@ietf.org
> Subject: [Asrg] MXs Used As Authentication - Why RMX?
>
>
> Hi peeps,
>
> I've tried hard to work out a requirement for an additional DNS RR (RMX -
> Danisch Draft) for authentication, but can't understand why MXs alone
> can't be used. I must be missing something somewhere. Why can't you just
> resolve the given envelope sender domain, check all of the MXs hostnames
> and see if any of them matches your connecting machine's IP after
> resolution to addresses? The hostname could come either from the SMTP
> client greeting (helo/ehlo) or the sender domain, and MX resolution could
> be recursive (including checks to ensure no infinite recursion). Now, so
> long as all possible output relays for a domain are an MX, there's no
> problem, right? (Or is this not what happens in the real-world?) Even if
> an IP's RDNS resolves to a name completely different from the domain, which
> happens for people using DDNS on fast connections to the net (cable/etc),
> the solution still works. It just needs coordinated configuration of MTAs
> properly (so that ehlo/helo resolves to owner FQDN) and the checking code
> which would ensure that a hostname given was stripped to form all possible
> domains for checking (ensure that host doesn't get refused if a relay with
> the same domain name - EG xyz.example.org checked as example.org).
>
> Anything need clarifying? Please ask. I'll be back when the flames die
> down a little and someone has put the idea right out... If my
> understanding is messy, please let me know where. :-)
>
> Cheers,
> Sabahattin
>
> --
>
> Thought for the day:
> The only thing that hurts more than paying income tax
> is not having to pay income tax.
>
> Latest PGP Public key? Click:
> <mailto:PGPPublicKey@sabahattin-gucukoglu.com>
> and send that message as is.
>
> Sabahattin Gucukoglu
> Phone: +44 (0)20 7,502-1615
> Mobile: +44 (0)7986 053399
> http://www.sabahattin-gucukoglu.com/
> E-mail or MSN Messenger: <mail@Sabahattin-Gucukoglu.com>
>
>
> _______________________________________________
> Asrg mailing list
> Asrg@ietf.org
> https://www1.ietf.org/mailman/listinfo/asrg
>
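The MX-only check proposed in the quoted message, and the split inbound/outbound case raised in the reply, as an added example that is not code from either poster or from the RMX draft. All domain names, host names and addresses below are constructed placeholders (`msn.example` stands in for the sender's mail domain, `smtp.cable.example` for the access provider's outbound relay), and the lookup tables replace live DNS so the check runs offline.

```python
import ipaddress

# Constructed DNS data (documentation-range addresses, not real records).
MX = {
    "msn.example": ["mx1.msn.example", "mx2.msn.example"],
    "example.org": ["xyz.example.org"],
}
A = {
    "mx1.msn.example": ["192.0.2.10"],
    "mx2.msn.example": ["192.0.2.11"],
    "xyz.example.org": ["198.51.100.5"],
    "smtp.cable.example": ["203.0.113.25"],  # outbound relay, not an MX
}

def candidate_domains(name):
    """Strip leading labels: xyz.example.org -> [xyz.example.org, example.org]."""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def mx_addresses(domain):
    """Addresses behind the MX hosts of the domain and its parent domains."""
    addrs = set()
    for d in candidate_domains(domain):
        for host in MX.get(d, []):
            addrs.update(ipaddress.ip_address(a) for a in A.get(host, []))
    return addrs

def mx_check(envelope_sender, client_ip):
    """True if the connecting IP is an MX address for the sender's domain."""
    domain = envelope_sender.rsplit("@", 1)[-1]
    return ipaddress.ip_address(client_ip) in mx_addresses(domain)

def outbound_relay_mismatch():
    # Case from the reply: mail with an msn.example sender is submitted
    # through the cable provider's SMTP server, which is not listed as an
    # MX for that domain, so the MX-only check rejects legitimate mail.
    relay_ip = A["smtp.cable.example"][0]
    return mx_check("user@msn.example", relay_ip)
```

The check passes only when every outbound relay of a domain is also one of its MX hosts, which is the condition the reply says does not hold in practice.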