[Mimedefang] Another silly idea

John Rudd john at rudd.cc
Wed May 3 04:08:05 EDT 2006


On May 3, 2006, at 12:13 AM, Steffen Kaiser wrote:

> I hate this banning of dynamic addresses right away. Sure, there is no 
> (at least not known to me) way to know whether the host with a 
> dynamic address is a badly or well configured end-user system,

That's actually not the issue for me.  When it comes to "is it a 
dynamic IP address", I don't care whether or not it's a badly or well 
configured email address.  I care whether or not it is an end-user 
system, or a server.  If it's an end-user system, and not my own 
end-user system, it shouldn't be making direct connections to my mail 
server.  I have every right to make that requirement for who gets to 
connect to my mail server.  No one, _NO_ONE_, has a right to interfere 
with my setting that criterion.

adsl.$a.$b.$c.$d.someisp.net is not what I expect to be the email 
server of any decent organization ... whether it's a company or a home 
mail server (btw: I am in that latter category).  If you are an 
end-user, then you should go through your ISP's mail server.  No ifs, 
ands, or buts.  If you're a server, whether it's corporate, SOHO, or 
home enthusiast, then set up your service and system to look like one.  
If you don't, I don't see why I should accept email from you.  So I 
don't.

Filtering out "poorly configured email servers" is something I catch 
with _other_ techniques, such as blocking RFC-Ignorant listed hosts.

> but this thinking cut me off several net projects, because I couldn't 
> communicate with the project in a reasonable way anymore.

You couldn't use a yahoo or gmail account just for those projects?

> For one: If you want to use "roles" (e.g. use the Sourceforge mail 
> address for projects hosted on SF.net, other ones for other projects 
> a.s.o) the ISP must let the From field pass unaltered - actually I 
> don't know one doing so without charging yet another fee.

I don't see how that's my problem.  For one, I do pay a slightly higher 
fee in order to have a static IP address through an ISP that lets me 
set my PTR record to match my forward DNS.  That's the price _I_ pay 
for having my own mail service instead of doing email through services 
whose processes I don't like.

If you aren't going to make that small leap in price, I don't see how 
that makes it my problem that you're not able to interact with various 
projects or servers.  It's not my obligation to accept email directly 
from your end-user system just because you're not willing to pay a 
slightly higher fee.

> To implement a whitelist system for well-behaved MTAs includes the 
> assumption that those have _fixed_ IP addresses; this need not be 
> true.
> I would at least give those poor people out there using a 
> well-configured MTA on a dynamic address the chance to communicate 
> with the world, e.g. using certificates.

I do.  I wait until filter_sender, so that I can do various types of 
exemptions (SMTP-AUTH or by IP address).  The fact that other services 
do their blocking during the TCP connection isn't my problem.  I'm not 
responsible for how they run their mail servers.  I'm responsible for 
how I run mine.  Mine blocks what appear to be dynamic and end-user IP 
addresses, but makes room for exceptions based upon IP address and/or 
SMTP-AUTH.

The fact that you can't use other sites because they do this blocking 
in a different way doesn't make the technique I use at my site flawed.  
Though, while some implementations of the general technique might be 
either flawed or inconvenient, that's not my problem.
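
An added sketch of the policy described in this message (check at filter_sender, exempt SMTP-AUTH and listed IP addresses, then reject relays whose reverse name looks end-user); it is not John Rudd's filter. The keyword list, the octet heuristic, the exempt address and the sample hosts are assumptions, and it assumes sendmail passes the `{auth_authen}` macro to the milter.

```perl
use strict;
use warnings;

our %SendmailMacros;    # filled in by MIMEDefang's read_commands_file()

# Assumed site policy: relays exempt by address (documentation-range sample).
my %EXEMPT_IP = ('192.0.2.25' => 1);

# Heuristic (an assumption, tune per site): a PTR name looks end-user if it
# embeds all four octets of the address or carries an access-network label.
sub looks_dynamic {
    my ($ip, $hostname) = @_;
    # A bracketed address literal means there was no PTR name to judge;
    # how to treat that is a separate policy decision.
    return 0 if !defined $hostname || $hostname =~ /^\[/;
    my $h = lc $hostname;
    my @oct = $ip =~ /^(\d+)\.(\d+)\.(\d+)\.(\d+)$/;    # IPv4 only
    if (@oct) {
        my %seen = map { ($_ + 0, 1) } $h =~ /(\d+)/g;  # "010" counts as 10
        my $hits = grep { $seen{ $_ + 0 } } @oct;
        return 1 if $hits == 4;
    }
    return $h =~ /(?:^|[.-])(?:adsl|dsl|dyn|dynamic|dhcp|ppp|dialup|pool|cable)\d*(?:[.-]|$)/
        ? 1 : 0;
}

sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;
    # Inside MIMEDefang this loads %SendmailMacros; skipped when run stand-alone.
    read_commands_file() if defined &read_commands_file;
    return ('CONTINUE', 'ok') if $SendmailMacros{auth_authen};    # SMTP-AUTH
    return ('CONTINUE', 'ok') if $EXEMPT_IP{$ip};                 # listed relay
    return ('REJECT', "$hostname [$ip] looks like an end-user address; "
                    . "relay through your ISP or use SMTP AUTH")
        if looks_dynamic($ip, $hostname);
    return ('CONTINUE', 'ok');
}

# Constructed samples so the file also runs outside MIMEDefang.
unless (caller) {
    for my $t (['203.0.113.77', 'adsl.203.0.113.77.someisp.example'],
               ['198.51.100.9', 'mail.example.org'],
               ['192.0.2.25',   'dsl-25.someisp.example']) {
        my ($action) = filter_sender('<a@example.org>', @$t, 'helo.example');
        print "$t->[1] [$t->[0]] => $action\n";
    }
}
1;
```

Run stand-alone, the three constructed relays come out as REJECT, CONTINUE and CONTINUE; the last one has an end-user-looking name but is on the exempt list.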




