On Tue, 26.03.2013, 19:33, kd6...@yahoo.com wrote:
> On Tue, 3/26/13, Tilman Schmidt <t.schm...@phoenixsoftware.de> wrote:
>> On 26.03.2013 at 04:35, kd6...@yahoo.com wrote:
>> > If it were to be limited to servers under one's control and
>> > enforced as such, the routine would have to obtain the
>> > recipient's MX-RRset internally and test all higher priority
>> > MTAs; thus it would not need the remote host address parameter.
>> > It would determine which host in the MX-RRset it is running on
>> > based on the macro variables passed in via the milter interface.
>>
>> That would exclude a lot of useful and legitimate applications.
>> Hint: Not every mail server has an MX RR pointing to it.
>
> 1) I don't consider sender callbacks useful.

Nor do I. That's not what I was talking about.

> 2) If this is to be used by secondary MXs to test the primary, there will
> be MX records present in the DNS for that domain/hostname label.

Neither is this.

> 3) Forwarding services shouldn't be randomly probing the ultimate
> destinations.

I agree. Such things should be done systematically, not randomly. :-)

Alright, I'll spell it out for you. Here's the scenario:

- You have a so-called groupware server on your internal network,
  let's say Microsoft Exchange or Lotus Notes.
- Quite sensibly you do not want to expose the SMTP port of that
  server directly to the Internet.
- So you put a *nix relay server in your DMZ which accepts mail
  from the outside and forwards it to your groupware server.
- The internal server does not appear in the public DNS at all.
- The relay server has a mailertable entry pointing to the
  groupware server.
- The relay server runs MIMEdefang to do all sorts of checks on
  incoming mail before accepting responsibility for forwarding it.
- One of these checks should be whether the recipient address
  actually exists.
- The easiest and most reliable way for that is to ask the
  groupware server.
- The easiest way for that is SMTP call-ahead aka
  md_check_against_smtp_server.

Now I'm sure you'll find a nit to pick with that approach, but to me
it's quite sensible and time-proven, and it would not work if
md_check_against_smtp_server insisted on checking only against
servers with published MX RRs.
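
The call-ahead check from the scenario above, sketched as a mimedefang-filter fragment. This is an added example, not part of the original message and not MIMEDefang's own code. The host names, the domain and the `%INTERNAL_SERVER` map are constructed placeholders.

```perl
# Fragment for mimedefang-filter on the DMZ relay. filter_recipient is only
# called when mimedefang runs with recipient checks enabled (the -t option).

# Constructed values: replace with your own relay name and internal server.
my $RELAY_HELO = 'relay.example.com';
my %INTERNAL_SERVER = (    # hypothetical map: recipient domain -> internal host
    'example.com' => 'groupware.internal.example',
);

sub filter_recipient {
    my ($recipient, $sender, $ip, $hostname, $first, $helo) = @_;

    # Strip the angle brackets sendmail passes along and take the domain part.
    (my $addr = lc $recipient) =~ s/^<|>$//g;
    my ($domain) = $addr =~ /\@([^@]+)$/;

    # Only call ahead for domains relayed to a server under our control;
    # the target comes from local configuration, never from an MX lookup.
    my $server = defined $domain ? $INTERNAL_SERVER{$domain} : undef;
    return ('CONTINUE', 'ok') unless defined $server;

    # Ask the groupware server whether it would accept this RCPT TO.
    my ($result, $msg) =
        md_check_against_smtp_server($sender, $recipient, $RELAY_HELO, $server);

    # Unknown user: reject during the SMTP dialogue instead of bouncing later.
    return ('REJECT', $msg) if $result eq 'REJECT';

    # Internal server unreachable or busy: defer rather than accept blindly.
    return ('TEMPFAIL', 'Recipient verification temporarily unavailable')
        if $result eq 'TEMPFAIL';

    return ('CONTINUE', 'ok');
}
```

The check is only as good as the internal server's answers: if the groupware server accepts every RCPT TO and bounces unknown users later, the call-ahead will always return CONTINUE.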