Thank you all very much! To wit:
> Henning Brauer <[EMAIL PROTECTED]> writes:
>>On Fri, Apr 05, 2002 at 03:39:23PM -0500, Scott Gifford wrote:
> >Henning Brauer <[EMAIL PROTECTED]> writes:
> > On Fri, Apr 05, 2002 at 03:09:38PM -0500, Ed Abrams wrote:
> > > My problem: We are working with domain name registrars. When a user
> > > registers his domain with one of our partners, that partner will create an
> > > MX record for that new domain, and that MX record will point to our email
> > > server. [without notifying you]
> > So the rule would be "accept and deliver all mail for domains with an MX
> > pointing to me".
> > That's insane and fscking insecure.
>> What's insecure about it, as long as any mail that comes this way is
>> always delivered locally (which seemed to be what Ed wanted), and
>> never relayed to another server?
>okay, the real question is what happens afterwards with the mail. having the
>domain in locals and rcpthosts is not enough as we all know. As you did not
>mention that I guess there is some kind of program delivery, and with this
>in mind (specifically, I had an autocreated mailbox with webmail access in
>mind), everybody can (ab)use your service by just adding MX entries to
>whatever domain.
My intention is to bounce mail delivered to a non-existent box. On the system I have in mind, the actual mailbox creation is what is determined by the remote partner, or the interested user (this may sound odd to you, but honestly, there is a way this can be a good idea :)). If the mailbox isn't there, it is *NOT* autocreated. So this may defuse Henning's main objection, I mean, other than that the idea is insane :) (which I sort of acknowledge, but, I can't do much about it in my situation).
Thanks again, and any additional comments are absolutely welcome.
-Ed Abrams
[EMAIL PROTECTED]
