On Fri, 4 Jan 2002, Octavio / Super wrote:
> How can I deny all MAIL FROM: <> commands from hosts which are not
> MX for a domain?
You should not do this, for multiple reasons.
1. The null envelope sender ("MAIL FROM:<>") is used by MTAs to
communicate Delivery Service Notification (DSN) messages, such as
"address unknown" bounces, temporary failures, etc. If you block
the null envelope sender, all users at your site will silently
lose the ability to receive any DSN messages.
2. RFC1123 (section 5.2.9) *requires* all sites to accept the null
envelope sender. If you reject the null envelope sender, your
site will not be in compliance with Internet mail standards.
3. There are sites (such as www.rfc-ignorant.org) which exist to
catalog and blacklist mail servers which do not accept the null
envelope sender. Sooner or later, your failure to comply with
Internet mail standards will be noticed, and your site will be
blacklisted.
4. Chances are, your logic is that by blocking the null envelope
sender, you'll reduced the amount of spam your site receives.
This is false. The vast, vast majority of spam is sent with a
fictitious (but not null) envelope sender address, precisely
because spammers realized that some people were blocking the null
envelope sender address in an attempt to avoid spam.
One should not reject the null envelope sender address, ever.
--
James Ralston, Postmaster General
Software Engineering Institute
Carnegie Mellon University, Pittsburgh, PA, USA
