[Mimedefang] Sender validation
Kelson Vibber
kelson at speed.net
Thu Jun 24 12:48:25 EDT 2004
At 08:59 AM 6/24/2004, WBrown at e1b.org wrote:
>Can you explain your criteria for accepting a sender if the host is not an
>MX for the domain? We have CanIT Pro and the mismatch rules tened to
>block alot of the "send the page to a friend" and e-card type emails. I
>had to give up on them (the mismatch rules, that is).
It looks like he's not checking that the sending server *is* an MX for the
domain, (which would cause problems with sites that use separate servers
for incoming and outgoing mail), but checking *an* MX to see if it
recognizes the supposed sender's address.
The logic is more along the lines of:
- Sender claims to be fakeuser at speed.net
- Look up MX records for speed.net
- Connect to mail.speed.net and see if it accepts mail for fakeuser at speed.net
- From "User unknown" error, conclude that the sender is invalid and reject
the message
In the old days, it might have been done using VRFY, but so many sites have
disabled it to throw a roadblock in front of dictionary attacks.
Kelson Vibber
SpeedGate Communications <www.speed.net>
More information about the MIMEDefang
mailing list