pleeeeeeeease fix your quoting.

On Fri, Apr 05, 2002 at 05:56:42PM -0500, Ed Abrams wrote:
> Henning Brauer <[EMAIL PROTECTED]> writes:
> > On Fri, Apr 05, 2002 at 03:39:23PM -0500, Scott Gifford wrote:
> > > Henning Brauer <[EMAIL PROTECTED]> writes:
> > > > So the rule would be "accept and deliver all mail for domains with an MX
> > > > pointing to me".
> > > > That's insane and fscking insecure.
> > > What's insecure about it, as long as any mail that comes this way is
> > > always delivered locally (which seemed to be what Ed wanted), and
> > > never relayed to another server?
> > okay, the real question is what happens afterwards with the mail. having
> > the domain in locals and rcpthosts is not enough as we all know. As you
> > did not mention that I guess there is some kind of program delivery, and
> > with this in mind (specifically, I had an autocreated mailbox with webmail
> > access in mind), everybody can (ab)use your service by just adding MX
> > entries to whatever domain.
> My intention is to bounce mail delivered to a non-existent box. On the
> system I have in mind, the actual mailbox creation is what is determined by
> the remote partner, or the interested user (this may sound odd to you, but
> honestly, there is a way this can be a good idea :)). If the mailbox isn't
> there, it is *NOT* autocreated.

Let me rephrase that.
1) joe user registers example.com.
2) the MX for example.com is automatically set to your host.
3) if mail for example.com arrives (and joe user didn't sign up with you),
   you bounce the message.

What is the point of being MX then in the first place?!

This has a lot of disadvantages. To the outside you claim there is mail
service for this domain, but there really isn't. You burn resources on your
systems (accept mail, try delivery, bounce back) for no reason. You burn
resources on the remote systems (send mail instead of bouncing immediately
due to lack of MX, receive bounce, deliver bounce) for no reason.

I still call this insane.

clean solution: become MX once they sign up with you.
less clean but still better solution: be MX immediately but do NOT add the
domain to locals and rcpthosts. still burns some resources on both sides for
the delivery attempt.

-- 
| Henning Brauer | PGP-Key: http://misc.bsws.de/hb/pubkey.asc
| BS Web Services | Roedingsmarkt 14, 20459 Hamburg, DE | http://bsws.de

Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
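
The two acceptance rules argued over in this thread, side by side, as an added example that is not part of the original message or of qmail's code: a Python sketch of qmail-smtpd-style rcpthosts matching next to the "MX points to me" rule. The host name, the domains and the MX table (which stands in for DNS lookups) are constructed, and the function names are hypothetical.

```python
# Added illustration: names, domains and the MX table are constructed samples.
MY_HOST = "mx.provider.example"
RCPTHOSTS = {"signedup.example", ".hosted.example"}   # local config, set by the admin
MX_TABLE = {                                          # stands in for DNS MX lookups
    "signedup.example": ["mx.provider.example"],
    "notsignedup.example": ["mx.provider.example"],   # MX auto-set, owner never signed up
    "stranger.example": ["mx.provider.example"],      # third party pointed its MX here
    "elsewhere.example": ["mail.elsewhere.example"],
}

def rcpthosts_allows(domain, rcpthosts):
    """qmail-smtpd style: exact match, or a listed suffix that starts with a dot."""
    d = domain.lower()
    if d in rcpthosts:
        return True
    pos = d.find(".")
    while pos != -1:
        if d[pos:] in rcpthosts:      # ".hosted.example" covers a.hosted.example
            return True
        pos = d.find(".", pos + 1)
    return False

def mx_policy_allows(domain, mx_table, my_host):
    """The rule criticised in the thread: accept whenever an MX names this host."""
    return my_host in mx_table.get(domain.lower(), ())

def rcpt_reply(domain, rcpthosts):
    """SMTP-time outcome when only rcpthosts decides: refuse before taking the message."""
    return "250" if rcpthosts_allows(domain, rcpthosts) else "553"

def decided_by_dns_only(mx_table, rcpthosts, my_host):
    """Domains the MX rule would accept although the admin never listed them."""
    return sorted(d for d in mx_table
                  if mx_policy_allows(d, mx_table, my_host)
                  and not rcpthosts_allows(d, rcpthosts))

if __name__ == "__main__":
    for dom in sorted(MX_TABLE):
        print(f"{dom:22} rcpthosts={rcpt_reply(dom, RCPTHOSTS)} "
              f"mx-rule={'accept' if mx_policy_allows(dom, MX_TABLE, MY_HOST) else 'refuse'}")
    print("accepted on DNS say-so alone:",
          decided_by_dns_only(MX_TABLE, RCPTHOSTS, MY_HOST))
```

With rcpthosts as the gate, the unlisted domains are refused at RCPT time, so this host queues nothing and has no bounce to send; under the MX rule, whoever edits a zone decides what the host accepts.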
