You already got a couple of responses but let me pile on.

On 3/10/2005 3:17 AM, [EMAIL PROTECTED] wrote:

> However, I still believe it is perfectly legal to refuse mail if
> - the HELO matches my own MX, or lists one of my IPs

I do this too. My local networks get an immediate exception to all other
filters, and all other connections are queried against an LDAP server that
stores PERMIT/REJECT ACLs, with REJECT entries for my own networks. So if
a remote connection gets to that point in the process and claims to be me,
it's lying. Separately, I run a submission server on another port, which
uses strict authentication, and doesn't use the LDAP ACLs. All my clients
use the submission server, which allows them to roam.

> - the MAIL FROM pretends to be one of my users

I don't recommend that. There's the eBay problem, but there are also
online newspapers and magazines ("send this article") that use ~your
address as the envelope sender. There are some mailing groups that use
aliases instead of lists, and some mailing lists don't "re-send" the
message; in both cases the envelope sender doesn't get rewritten.

-- 
Eric A. Hall                                        http://www.ehsco.com/
Internet Core Protocols          http://www.oreilly.com/catalog/coreprot/
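
The HELO check discussed in this message, sketched as an added example that is not part of the original post or the author's configuration. The in-memory lists stand in for the LDAP PERMIT/REJECT ACLs; the networks, host names and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions): our own networks and MX names.
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
              ipaddress.ip_network("2001:db8:1::/48")]
OWN_NAMES = {"mx1.example.org", "mail.example.org"}


def helo_literal(helo):
    """Return the IP in an address literal ([1.2.3.4], [IPv6:...]) or bare IP, else None."""
    text = helo.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
    if text.lower().startswith("ipv6:"):
        text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def is_local(ip):
    """True if ip falls inside one of our own networks."""
    return any(ip in net for net in LOCAL_NETS)


def check_helo(client_ip, helo):
    """Return (verdict, reason) for one inbound connection on the MX port."""
    client = ipaddress.ip_address(client_ip)
    # Local networks are exempted first, before any other filter runs.
    if is_local(client):
        return ("PERMIT", "local network, exempt from other filters")
    # From here on the peer is remote, so a HELO naming us is a lie.
    name = helo.strip().rstrip(".").lower()
    if name in OWN_NAMES:
        return ("REJECT", "remote client used our MX name in HELO")
    literal = helo_literal(helo)
    if literal is not None and is_local(literal):
        return ("REJECT", "remote client used one of our IPs in HELO")
    # MAIL FROM is deliberately not checked: forwarders and alias-based
    # groups legitimately keep a local user's address as envelope sender.
    return ("PERMIT", "HELO does not claim to be us")


if __name__ == "__main__":
    for ip, helo in [("192.0.2.10", "mx1.example.org"),
                     ("203.0.113.7", "mx1.example.org"),
                     ("203.0.113.7", "[192.0.2.25]")]:
        print(ip, helo, check_helo(ip, helo))
```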
