[xmail] Re: accept mail from real MX
On Mon, Feb 02, 2004 at 12:20:15PM -0600, Shiloh Jennings wrote: [snip ... 'LRW' means 'LinuxRoadWarrior', far from home, own SMTP aboard] > The LRW would use SMTP AUTH to send email through his ISP's email server. This is a non standard approach. But on second thought, we all know where the standard approach brought us to :-) Talking about the usual UN*X way of Mail i've got fetchmail/procmail/MUA/MTA on my local machine and only the POP3 mailbox has to be at some host permanently connected to the Net. I have to check whether mutt (for instance) is capeable of SMTP-auth ... > If port 25 is blocked, the other option would be port 587 as proposed by > SPF. This solution does not stop the LRW from sending email. Nobody is > avocating requiring home users to set up VPN tunnels. Home users use their [EMAIL PROTECTED] e-Mail address and 'smtp.home.isp' should know their IP so all is well. Whith or whithout RMX. The roaming user is the interesting one. > > Imagine the RMX sets of FreeMailers (GMX, HotMail et al) ... or do you > > plan to ban them anyway ? > > I don't need to imagine them. If they choose to publish their RMX sets in > their DNS, then my email servers will use that info when deciding whether or > not to accept the email. If they do not publish their RMX information, then > my email servers treat the email the same way it is treated today. Nobody > is avocating blocking free email services. So maybe I#ve got you wrong. Speaking of the perfect RMX world, I could _not_ do the following (which I do today sometimes): I've got a free mail acount at GMX. But rather then using their boring and slow web front end, I have configured a MUA (Mozilla Mail) to read an send mail as that user. POP3 server is 'pop.gmx.at' and SMTP host is 'smtp.my.isp', which is _not_ GMX. My ISP's SMTP accepts the mesages because they come from my host, which is in his IP range, _not_ because it is from his domain (which it is definitely not). If GMX had to deal with this situation via RMX they had to know from somewhere (/dev/crystal_ball perhaps ;-) ) if my IP 'belongs' to that e-Mail address ... so ho would they do that ? > > BTW: ever thought about your sending SMTP server signing mail headers from > > known senders (i.e. [EMAIL PROTECTED] from within the company LAN) digitally > ? [snip] > Post a URL that details this proposal. I'd be interested in reading about > anything that will help us reduce the spam burden. At a glance, this sounds > like something that would not work, because the spammers could simply forge > the sig. But maybe there is more to it than what you have already posted, > and I'd like to read the entire proposal before judging it. I have heard > similar proposals already where the sig data was copyrighted, so the domain > owner could sue the spamer for copyright infringement if the spammer pasted > the sig into any spam. Maybe the proposal you are talking about has > provisions like that in it. There is no URL to post, the idea occured to me once I recieved 45 mails an hour, claiming I sent some worm to some people behind some of those stupid virus defense systems that reply to the 'From:' field in the mail header, not knowing it is forged. I had posted the idea once in this list. I thought of signing the entire message then. But that would mean, the server takes responsibility for the content too, which is clearly impossible and also should not be done. What I propose is to let our company MTA sign the headers of messages coming out of our LAN and from an address within our domain, using a public-key/private-key system (GnuPG comes in mind). It could attach the signature as a seperate MIME part at the end of the message. So users need not read it (unless they like reading massage hashes). Other users or MTAs could verify the signature against the message header they recieve and check if it is valid. Forging the signature would only be possible having the private key of the server. (except for breaking the key, which would be very 'expensive' for a spammer just to get his mails through) Flaws of this concept are: Where to put the public key ? Webpages are a bad place to recieve them automatically, DNS text fields look better (like the keys for FreeSWAN's 'opportunistic encryption'). How could MTAs/MUAs check the sig whithout too much effort ? I mainly think of software adaptions needed. It is easy whith XMail, procmail, but ... Maybe ther is some RFC out there dealing whith a similar topic, I just did not check yet. But something tells me this will become more relevant in the future, so i will pursue the idea anyway ... regards, Goesta -- Wiener Hilfswerk - EDV 1072 Wien, Schottenfeldgasse 29 Tel: 512 36 61 DW 407 / Fax 512 36 61 33 - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
> Maybe I'm in this Biz too long to believe in miracles introduced by new > technologies. There are major flaws in that proposal (link below) too. > First to mention our LRW. Does he really have to build a VPN tunnel to his > homeLAN just to be able to send mail ? The LRW would use SMTP AUTH to send email through his ISP's email server. If port 25 is blocked, the other option would be port 587 as proposed by SPF. This solution does not stop the LRW from sending email. Nobody is avocating requiring home users to set up VPN tunnels. > Imagine the RMX sets of FreeMailers (GMX, HotMail et al) ... or do you > plan to ban them anyway ? I don't need to imagine them. If they choose to publish their RMX sets in their DNS, then my email servers will use that info when deciding whether or not to accept the email. If they do not publish their RMX information, then my email servers treat the email the same way it is treated today. Nobody is avocating blocking free email services. > BTW: ever thought about your sending SMTP server signing mail headers from > known senders (i.e. [EMAIL PROTECTED] from within the company LAN) digitally ? > So the recieving MUA can check the Sig against the public key of the > server and if unmatched, slip the message to the 'not good' folder. Yes, > this is also the proosal of a kind of a new standard, but it works without > changing all the DNS/SMTP servers out there ... Post a URL that details this proposal. I'd be interested in reading about anything that will help us reduce the spam burden. At a glance, this sounds like something that would not work, because the spammers could simply forge the sig. But maybe there is more to it than what you have already posted, and I'd like to read the entire proposal before judging it. I have heard similar proposals already where the sig data was copyrighted, so the domain owner could sue the spamer for copyright infringement if the spammer pasted the sig into any spam. Maybe the proposal you are talking about has provisions like that in it. - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
Davide Libenzi wrote: >On Sun, 1 Feb 2004, Shiloh Jennings wrote: > > > >>Actually, I think SPF is a superset of both RMX and DMP. >>http://spf.pobox.com/draft-mengwong-spf.02.9.4.txt >> >>I personally like the simplicity of RMX, but any of the three solutions will >>cut down noticably on spam. >> >> > >The problem with all those new standards is that until a huge number of >servers will starts using them, they are not useful (at least if you do >not want to cut all the traffic from non-conformant sites). > > > SPF is designed in a way that allows a slow migration into it, i.e. if AOL uses it (And they do), and my server can read their TXT records from the DNS, then I will not receive fake messages from [EMAIL PROTECTED] Right now they set the other addresses (i.e. addresses not actually allowed to send from [EMAIL PROTECTED]) to ?, so they don't return "PASS" or "FAIL" but "UNKNOWN", which could help in increasing their spam score in spam filters, etc. Read their pages on http://spf.pobox.com, they have summary pages for admin and executives that give you most of the story in 5 minutes. - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
And for a lot of legitimate senders, too. MTA hosts are responsible for inbound mail, but MUAs are completely at liberty to send email directly = to recipient MTAs - and, in fact, most modern ones that are full-featured = do just that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] = On Behalf Of Gustavo Galvan Sent: Saturday, 31 January 2004 5:36 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: accept mail from real MX El S=3DE1b 31 Ene 2004 18:36, Davide Libenzi escribi=3DF3: > On Sat, 31 Jan 2004, Gustavo Galvan wrote: > > First, my configuration files (the basics for that question) > > > > In smtprelay.tab I have: > > "127.0.0.1"=3D3D09"255.255.255.255" > > > > In server.tab I have: > > "EnableAuthSMTP-POP3"=3D3D09"1" > > "SMTP-RDNSCheck"=3D3D09"1" > > "CheckMailerDomain"=3D3D09"1" > > > > but im receiving mail from [EMAIL PROTECTED], but sender ip address is=20 > > n=3D ot > > a=3D3D MX=3D3D20 > > for hotmail.com. > > Is there a way to restrict incoming smtp to only authorized MX for a = > > doma=3D3D in ? > > No. But this is a useful feature to add IMO. Queued. > > > > - Davide > > Thank you Davide. This will be the "begin of the end" for spammers. Gustavo - To unsubscribe from this list: send the line "unsubscribe xmail" in the = body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
On Sun, Feb 01, 2004 at 05:03:52PM -0600, Shiloh Jennings wrote: > > > Don't see that IP in there do you Fails the test Not good. > > > > I agree. De-queued. > > Ah ! great to hear that ! Imagine a 'Linux road warrior' (LRW for short) pluging into the Net far from home, but using his e-Mail address [EMAIL PROTECTED] ... he will use his sendmail/postfix/whatever on the local machine to send mail ... guess how close his IP will be to the MX at home ? > Understandable. What about implementing support for RMX? That is something > a lot of email servers will be moving toward in the near future, and it does > not cause any problems like the idea about simply using the MX. I will try to be as little cynical as possible, but: When was the date we all switched to IPv6 ? Yes, right, we all do 'trusted computing' allready and wasn't it the same guy saying 'There will be no spam whithin 18 month from now' in Davos, who also said '640kB of RAM are enough for everybody' ? Maybe I'm in this Biz too long to believe in miracles introduced by new technologies. There are major flaws in that proposal (link below) too. First to mention our LRW. Does he really have to build a VPN tunnel to his homeLAN just to be able to send mail ? Imagine the RMX sets of FreeMailers (GMX, HotMail et al) ... or do you plan to ban them anyway ? I'm sorry to say that, but I'm afraid we have a long way to go before we get rid of spam. BTW: ever thought about your sending SMTP server signing mail headers from known senders (i.e. [EMAIL PROTECTED] from within the company LAN) digitally ? So the recieving MUA can check the Sig against the public key of the server and if unmatched, slip the message to the 'not good' folder. Yes, this is also the proosal of a kind of a new standard, but it works without changing all the DNS/SMTP servers out there ... just a thought, Goesta > The > following link explains RMX. > http://www.danisch.de/work/security/txt/draft-danisch-dns-rr-smtp-00.txt -- Wiener Hilfswerk - EDV 1072 Wien, Schottenfeldgasse 29 Tel: 512 36 61 DW 407 / Fax 512 36 61 33 - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
- Original Message - From: "Davide Libenzi" <[EMAIL PROTECTED]> To: "XMail mailing list" <[EMAIL PROTECTED]> Sent: Sunday, February 01, 2004 6:57 PM Subject: [xmail] Re: accept mail from real MX > On Sun, 1 Feb 2004, Shiloh Jennings wrote: > > > Actually, I think SPF is a superset of both RMX and DMP. > > http://spf.pobox.com/draft-mengwong-spf.02.9.4.txt > > > > I personally like the simplicity of RMX, but any of the three solutions will > > cut down noticably on spam. > > The problem with all those new standards is that until a huge number of > servers will starts using them, they are not useful (at least if you do > not want to cut all the traffic from non-conformant sites). > > > There are a few domains that get forged most often, and we will see a huge benefit even if only those big names start using spf/rmx/dmp. For example, hotmail.com, aol.com, and yahoo.com. As soon as those three supprt the tech within their dns, it will be advantageous to support that tech in the email servers we run. The tech will simply be used when a domain supports it, and it will not cut any traffic to domains that do not support it. In addition to slowing spam, this tech will help stop email virus/worms that fake the sender address. - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
On Sun, 1 Feb 2004, Shiloh Jennings wrote: > Actually, I think SPF is a superset of both RMX and DMP. > http://spf.pobox.com/draft-mengwong-spf.02.9.4.txt > > I personally like the simplicity of RMX, but any of the three solutions will > cut down noticably on spam. The problem with all those new standards is that until a huge number of servers will starts using them, they are not useful (at least if you do not want to cut all the traffic from non-conformant sites). - Davide - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
Actually, I think SPF is a superset of both RMX and DMP. http://spf.pobox.com/draft-mengwong-spf.02.9.4.txt I personally like the simplicity of RMX, but any of the three solutions will cut down noticably on spam. - Original Message - From: "Tim Aranki" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, February 01, 2004 5:23 PM Subject: [xmail] Re: accept mail from real MX > I could be missing something, and I did not dig in too deep, but RMX and SPF > look an awful lot alike... > > -tim > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > Behalf Of Shiloh Jennings > Sent: Sunday, February 01, 2004 5:04 PM > To: [EMAIL PROTECTED] > Subject: [xmail] Re: accept mail from real MX > > > > Don't see that IP in there do you Fails the test Not good. > > > > I agree. De-queued. > > > > > Understandable. What about implementing support for RMX? That is something > a lot of email servers will be moving toward in the near future, and it does > not cause any problems like the idea about simply using the MX. The > following link explains RMX. > http://www.danisch.de/work/security/txt/draft-danisch-dns-rr-smtp-00.txt > > > - > To unsubscribe from this list: send the line "unsubscribe xmail" in the body > of a message to [EMAIL PROTECTED] For general help: send the line > "help" in the body of a message to [EMAIL PROTECTED] > > > - > To unsubscribe from this list: send the line "unsubscribe xmail" in > the body of a message to [EMAIL PROTECTED] > For general help: send the line "help" in the body of a message to > [EMAIL PROTECTED] > > > > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
I could be missing something, and I did not dig in too deep, but RMX and SPF look an awful lot alike... -tim -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Shiloh Jennings Sent: Sunday, February 01, 2004 5:04 PM To: [EMAIL PROTECTED] Subject: [xmail] Re: accept mail from real MX > > Don't see that IP in there do you Fails the test Not good. > > I agree. De-queued. > Understandable. What about implementing support for RMX? That is something a lot of email servers will be moving toward in the near future, and it does not cause any problems like the idea about simply using the MX. The following link explains RMX. http://www.danisch.de/work/security/txt/draft-danisch-dns-rr-smtp-00.txt - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
> > Don't see that IP in there do you Fails the test Not good. > > I agree. De-queued. > Understandable. What about implementing support for RMX? That is something a lot of email servers will be moving toward in the near future, and it does not cause any problems like the idea about simply using the MX. The following link explains RMX. http://www.danisch.de/work/security/txt/draft-danisch-dns-rr-smtp-00.txt - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
Ok, im sorry. I didn't make the test. Yahoo use same strategy. It's a pain. Im sorry again. Gustavo El S=E1b 31 Ene 2004 23:47, Davide Libenzi escribi=F3: > On Sat, 31 Jan 2004, Bill Healy wrote: > > So you want me to create an MX record for a server that is not reacha= ble > > form the Internet just so that it passes the test of making sure that > > the address that is connecting to your SMTP port is listed as an MX o= f > > the e-mail senders domain??? > > > > Hmmm... hope you don't have a secondary MX server for your domain. > > Because if you do when it tries to send mail to your primary it's IP > > address won't be listed as an MX for the e-mail senders domain. > > > > Also, taking your hotmail.com as an example. I just sent myself a > > message from hotmail, my server received the message from 64.4.37.209= =2E > > Here's the list of hotmail.com MX servers: > > > > mx1.hotmail.com.2304IN A 65.54.166.99 > > mx1.hotmail.com.2304IN A 64.4.50.99 > > mx1.hotmail.com.2304IN A 65.54.252.99 > > mx2.hotmail.com.2304IN A 65.54.190.7 > > mx2.hotmail.com.2304IN A 65.54.254.145 > > mx2.hotmail.com.2304IN A 65.54.252.230 > > mx2.hotmail.com.2304IN A 65.54.166.230 > > mx3.hotmail.com.2304IN A 65.54.167.5 > > mx3.hotmail.com.2304IN A 64.4.50.239 > > mx3.hotmail.com.2304IN A 65.54.253.99 > > mx4.hotmail.com.2304IN A 65.54.253.230 > > mx4.hotmail.com.2304IN A 65.54.167.230 > > mx4.hotmail.com.2304IN A 65.54.190.230 > > mx4.hotmail.com.2304IN A 65.54.254.151 > > ns1.hotmail.com.77457 IN A 216.200.206.140 > > ns2.hotmail.com.77457 IN A 216.200.206.139 > > ns3.hotmail.com.77457 IN A 209.185.130.68 > > ns4.hotmail.com.77457 IN A 64.4.29.24 > > > > Don't see that IP in there do you Fails the test Not good. > > I agree. De-queued. > > > > - Davide > > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
On Sat, 31 Jan 2004, Bill Healy wrote: > So you want me to create an MX record for a server that is not reachable > form the Internet just so that it passes the test of making sure that > the address that is connecting to your SMTP port is listed as an MX of > the e-mail senders domain??? > > Hmmm... hope you don't have a secondary MX server for your domain. > Because if you do when it tries to send mail to your primary it's IP > address won't be listed as an MX for the e-mail senders domain. > > Also, taking your hotmail.com as an example. I just sent myself a > message from hotmail, my server received the message from 64.4.37.209. > Here's the list of hotmail.com MX servers: > > mx1.hotmail.com.2304IN A 65.54.166.99 > mx1.hotmail.com.2304IN A 64.4.50.99 > mx1.hotmail.com.2304IN A 65.54.252.99 > mx2.hotmail.com.2304IN A 65.54.190.7 > mx2.hotmail.com.2304IN A 65.54.254.145 > mx2.hotmail.com.2304IN A 65.54.252.230 > mx2.hotmail.com.2304IN A 65.54.166.230 > mx3.hotmail.com.2304IN A 65.54.167.5 > mx3.hotmail.com.2304IN A 64.4.50.239 > mx3.hotmail.com.2304IN A 65.54.253.99 > mx4.hotmail.com.2304IN A 65.54.253.230 > mx4.hotmail.com.2304IN A 65.54.167.230 > mx4.hotmail.com.2304IN A 65.54.190.230 > mx4.hotmail.com.2304IN A 65.54.254.151 > ns1.hotmail.com.77457 IN A 216.200.206.140 > ns2.hotmail.com.77457 IN A 216.200.206.139 > ns3.hotmail.com.77457 IN A 209.185.130.68 > ns4.hotmail.com.77457 IN A 64.4.29.24 > > Don't see that IP in there do you Fails the test Not good. I agree. De-queued. - Davide - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
So you want me to create an MX record for a server that is not reachable form the Internet just so that it passes the test of making sure that the address that is connecting to your SMTP port is listed as an MX of the e-mail senders domain??? Hmmm... hope you don't have a secondary MX server for your domain. Because if you do when it tries to send mail to your primary it's IP address won't be listed as an MX for the e-mail senders domain. Also, taking your hotmail.com as an example. I just sent myself a message from hotmail, my server received the message from 64.4.37.209. Here's the list of hotmail.com MX servers: mx1.hotmail.com.2304IN A 65.54.166.99 mx1.hotmail.com.2304IN A 64.4.50.99 mx1.hotmail.com.2304IN A 65.54.252.99 mx2.hotmail.com.2304IN A 65.54.190.7 mx2.hotmail.com.2304IN A 65.54.254.145 mx2.hotmail.com.2304IN A 65.54.252.230 mx2.hotmail.com.2304IN A 65.54.166.230 mx3.hotmail.com.2304IN A 65.54.167.5 mx3.hotmail.com.2304IN A 64.4.50.239 mx3.hotmail.com.2304IN A 65.54.253.99 mx4.hotmail.com.2304IN A 65.54.253.230 mx4.hotmail.com.2304IN A 65.54.167.230 mx4.hotmail.com.2304IN A 65.54.190.230 mx4.hotmail.com.2304IN A 65.54.254.151 ns1.hotmail.com.77457 IN A 216.200.206.140 ns2.hotmail.com.77457 IN A 216.200.206.139 ns3.hotmail.com.77457 IN A 209.185.130.68 ns4.hotmail.com.77457 IN A 64.4.29.24 Don't see that IP in there do you Fails the test Not good. It's not uncommon to have separate servers for sending and receiving messages. So you won't always find MX records for the servers that deliver messages to your server. Bill >-- >From: Gustavo Galvan[SMTP:[EMAIL PROTECTED] >Sent: Saturday, January 31, 2004 3:47 PM >To: [EMAIL PROTECTED] >Subject: [xmail] Re: accept mail from real MX > > >Bill, there is no problem if you declare your 2 servers like valid MX in = >your=20 >DNS. You can have multiple MX for a domain. Maybe your "front end" server= >=20 >with a preference value of 10 and your internal server with 20. >But your internal server must have a public ip address. If you not have a= >=20 >public ip address, you can configure your fron-end server at gateway for=20 >internal server ("DefaultSMTPGateways" option in server.tab) >Now, whats the problem ? > >Gustavo > > >El S=E1b 31 Ene 2004 19:07, Bill Healy escribi=F3: >> Sometimes it's not the MX that send mail out so this could cause >> problems. >> For example I have a front end server that receives mail, scans for spa= >m >> and Virus and then passes it on to my internal server. But when I >> respond to an email it's my internal server that sends it directly to >> the recipients server. >> >> Bill >> >> >-- >> >> From: =09Davide Libenzi[SMTP:[EMAIL PROTECTED] >> >> >Sent: =09Saturday, January 31, 2004 1:36 PM >> >To: =09XMail mailing list >> >Subject: =09[xmail] Re: accept mail from real MX >> > >> >On Sat, 31 Jan 2004, Gustavo Galvan wrote: >> >> First, my configuration files (the basics for that question) >> >> >> >> In smtprelay.tab I have: >> >> "127.0.0.1"=3D09"255.255.255.255" >> >> >> >> In server.tab I have: >> >> "EnableAuthSMTP-POP3"=3D09"1" >> >> "SMTP-RDNSCheck"=3D09"1" >> >> "CheckMailerDomain"=3D09"1" >> >> >> >> but im receiving mail from [EMAIL PROTECTED], but sender ip address is = >not >> >> a=3D MX=3D20 >> >> for hotmail.com. >> >> Is there a way to restrict incoming smtp to only authorized MX for a >> >> doma=3D in ? >> > >> >No. But this is a useful feature to add IMO. Queued. >> > >> > >> > >> >- Davide >> > >> > > >- >To unsubscribe from this list: send the line "unsubscribe xmail" in >the body of a message to [EMAIL PROTECTED] >For general help: send the line "help" in the body of a message to >[EMAIL PROTECTED] > > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
Davide Libenzi wrote: >>Is there a way to restrict incoming smtp to only authorized MX for a doma= >>in ? >> >> > >No. But this is a useful feature to add IMO. Queued. > > > > I think that if you add such a feature, this is how it should be implemented: http://spf.pobox.com/ - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
Bill, there is no problem if you declare your 2 servers like valid MX in = your=20 DNS. You can have multiple MX for a domain. Maybe your "front end" server= =20 with a preference value of 10 and your internal server with 20. But your internal server must have a public ip address. If you not have a= =20 public ip address, you can configure your fron-end server at gateway for=20 internal server ("DefaultSMTPGateways" option in server.tab) Now, whats the problem ? Gustavo El S=E1b 31 Ene 2004 19:07, Bill Healy escribi=F3: > Sometimes it's not the MX that send mail out so this could cause > problems. > For example I have a front end server that receives mail, scans for spa= m > and Virus and then passes it on to my internal server. But when I > respond to an email it's my internal server that sends it directly to > the recipients server. > > Bill > > >-- > > From: =09Davide Libenzi[SMTP:[EMAIL PROTECTED] > > >Sent: =09Saturday, January 31, 2004 1:36 PM > >To: =09XMail mailing list > >Subject: =09[xmail] Re: accept mail from real MX > > > >On Sat, 31 Jan 2004, Gustavo Galvan wrote: > >> First, my configuration files (the basics for that question) > >> > >> In smtprelay.tab I have: > >> "127.0.0.1"=3D09"255.255.255.255" > >> > >> In server.tab I have: > >> "EnableAuthSMTP-POP3"=3D09"1" > >> "SMTP-RDNSCheck"=3D09"1" > >> "CheckMailerDomain"=3D09"1" > >> > >> but im receiving mail from [EMAIL PROTECTED], but sender ip address is = not > >> a=3D MX=3D20 > >> for hotmail.com. > >> Is there a way to restrict incoming smtp to only authorized MX for a > >> doma=3D in ? > > > >No. But this is a useful feature to add IMO. Queued. > > > > > > > >- Davide > > > > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
El S=E1b 31 Ene 2004 18:36, Davide Libenzi escribi=F3: > On Sat, 31 Jan 2004, Gustavo Galvan wrote: > > First, my configuration files (the basics for that question) > > > > In smtprelay.tab I have: > > "127.0.0.1"=3D09"255.255.255.255" > > > > In server.tab I have: > > "EnableAuthSMTP-POP3"=3D09"1" > > "SMTP-RDNSCheck"=3D09"1" > > "CheckMailerDomain"=3D09"1" > > > > but im receiving mail from [EMAIL PROTECTED], but sender ip address is n= ot > > a=3D MX=3D20 > > for hotmail.com. > > Is there a way to restrict incoming smtp to only authorized MX for a > > doma=3D in ? > > No. But this is a useful feature to add IMO. Queued. > > > > - Davide > > Thank you Davide. This will be the "begin of the end" for spammers. Gustavo - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
Sometimes it's not the MX that send mail out so this could cause problems. For example I have a front end server that receives mail, scans for spam and Virus and then passes it on to my internal server. But when I respond to an email it's my internal server that sends it directly to the recipients server. Bill >-- >From: Davide Libenzi[SMTP:[EMAIL PROTECTED] >Sent: Saturday, January 31, 2004 1:36 PM >To:XMail mailing list >Subject: [xmail] Re: accept mail from real MX > >On Sat, 31 Jan 2004, Gustavo Galvan wrote: > >> First, my configuration files (the basics for that question) >> >> In smtprelay.tab I have: >> "127.0.0.1"=09"255.255.255.255" >> >> In server.tab I have: >> "EnableAuthSMTP-POP3"=09"1" >> "SMTP-RDNSCheck"=09"1" >> "CheckMailerDomain"=09"1" >> >> but im receiving mail from [EMAIL PROTECTED], but sender ip address is not a= >> MX=20 >> for hotmail.com. >> Is there a way to restrict incoming smtp to only authorized MX for a doma= >> in ? > >No. But this is a useful feature to add IMO. Queued. > > > >- Davide > > >- >To unsubscribe from this list: send the line "unsubscribe xmail" in >the body of a message to [EMAIL PROTECTED] >For general help: send the line "help" in the body of a message to >[EMAIL PROTECTED] > > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: accept mail from real MX
On Sat, 31 Jan 2004, Gustavo Galvan wrote: > First, my configuration files (the basics for that question) > > In smtprelay.tab I have: > "127.0.0.1"=09"255.255.255.255" > > In server.tab I have: > "EnableAuthSMTP-POP3"=09"1" > "SMTP-RDNSCheck"=09"1" > "CheckMailerDomain"=09"1" > > but im receiving mail from [EMAIL PROTECTED], but sender ip address is not a= > MX=20 > for hotmail.com. > Is there a way to restrict incoming smtp to only authorized MX for a doma= > in ? No. But this is a useful feature to add IMO. Queued. - Davide - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]