[Mimedefang] Another silly idea
John Rudd
john at rudd.cc
Wed May 3 04:08:05 EDT 2006
On May 3, 2006, at 12:13 AM, Steffen Kaiser wrote:
> I hate this banning of dynamic addresses right away. Sure, there is no
> (at least not known to me) way to know, whether the host with a
> dynamic address is a badly or well configured end-user system,
That's actually not the issue for me. When it comes to "is it a
dynamic IP address", I don't care whether or not it's a badly or well
configured email address. I care whether or not it is an end-user
system, or a server. If it's an end user system, and not my own
end-user system, it shouldn't be making direct connections to my mail
server. I have every right to make that requirement for who gets to
connect to my mail server. No one, _NO_ONE_, has a right to interfere
with my setting that criterion.
adsl.$a.$b.$c.$d.someisp.net is not what I expect to be the email
server of any decent organization ... whether it's a company or a home
mail server (btw: I am in that latter category). If you are an
end-user, then you should go through your ISP's mail server. No ifs,
ands, nor buts. If you're a server, whether it's corporate, SOHO, or
home enthusiast, then set up your service and system to look like one.
If you don't, I don't see why I should accept email from you. So I
don't.
Filtering out "poorly configured email servers" is something I catch
with _other_ techniques, such as blocking RFC-Ignorant listed hosts.
> but this thinking cut me off several net projects, because I couldn't
> communicate with the project in a reasonable way anymore.
You couldn't use a yahoo or gmail account just for those projects?
> For one: If you want to use "roles" (e.g. use the Sourceforge mail
> address for projects hosted on SF.net, other ones for other projects
> a.s.o) the ISP must let the From field pass unaltered - actually I
> don't know one doing so without charging yet another fee.
I don't see how that's my problem. For one, I do pay a slightly higher
fee in order to have a static IP address through an ISP that lets me
set my PTR record to match my forward DNS. That's the price _I_ pay
for having my own mail service instead of doing email through services
whose processes I don't like.
If you aren't going to make that small leap in price, I don't see how
that makes it my problem that you're not able to interact with various
projects or servers. It's not my obligation to accept email directly
from your end-user system just because you're not willing to pay a
slightly higher fee.
> To implement a whitelist system for well-behaved MTAs includes the
> assumption that those have _fixed_ IP addresses; this need not be
> true.
> I would at least give those poor people out there using a
> well-configured MTA on a dynamic address the chance to communicate
> with the world, e.g. using certificates.
I do. I wait until filter_sender, so that I can do various types of
exemptions (SMTP-AUTH or by IP address). The fact that other services
do their blocking during the TCP connection isn't my problem. I'm not
responsible for how they run their mail servers. I'm responsible for
how I run mine. Mine blocks what appear to be dynamic and end-user IP
addresses, but makes room for exceptions based upon IP address and/or
SMTP-AUTH.
The fact that you can't use other sites because they do this blocking
in a different way doesn't make the technique I use at my site flawed.
Though, while some implementations of the general technique might be
either flawed or inconvenient, that's not my problem.
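
The policy described in the message above (decide at filter_sender, refuse relays whose reverse DNS looks like an end-user address, exempt listed IPs and SMTP-AUTH sessions), as an added example that is not John Rudd's filter or code from the MIMEDefang project. The keyword list, the octet-matching heuristic, the %EXEMPT_IP entries and the reject text are assumptions made for illustration; it also assumes mimedefang runs with sender checks enabled and that Sendmail passes the {auth_authen} macro to the milter.

```perl
# Added example for mimedefang-filter; heuristic and names are assumptions.
our %SendmailMacros;    # global that MIMEDefang fills from the COMMANDS file

# Hypothetical exemption list (documentation addresses, constructed).
my %EXEMPT_IP = map { $_ => 1 } qw(192.0.2.25 198.51.100.7);

# Returns 1 when the PTR name looks like an end-user/dynamic address:
# an access-technology keyword as its own label fragment, or all four
# octets of the connecting IPv4 address embedded in the name.
sub looks_dynamic {
    my ($ip, $hostname) = @_;
    return 0 if $hostname =~ /^\[/;    # "[1.2.3.4]" means no PTR; not judged here
    my $h = lc $hostname;
    return 1 if $h =~ /(?:^|[.\-_\d])
                       (?:adsl|dsl|dyn|dynamic|dhcp|ppp|pool|dialup|cable)
                       (?:[.\-_\d]|$)/x;
    my @octets = split /\./, $ip;
    return 0 unless @octets == 4;      # IPv4 only in this sketch
    my %seen;
    $seen{ $_ + 0 }++ for $h =~ /(\d+)/g;    # "001" and "1" count as the same
    for my $o (@octets) {
        return 0 unless $seen{ $o + 0 }--;   # each octet must be present
    }
    return 1;
}

sub filter_sender {
    my ($sender, $ip, $hostname, $helo) = @_;

    # Exemption 1: relays listed by IP address.
    return ('CONTINUE', 'ok') if $EXEMPT_IP{$ip};

    # Exemption 2: authenticated sessions. The macros only become
    # available here after reading the COMMANDS file.
    read_commands_file();
    my $auth = $SendmailMacros{auth_authen};
    return ('CONTINUE', 'ok') if defined $auth && $auth ne '';

    if (looks_dynamic($ip, $hostname)) {
        return ('REJECT',
            "Direct mail from end-user address $ip ($hostname) refused; "
          . "relay through your ISP or authenticate");
    }
    return ('CONTINUE', 'ok');
}
```

With these patterns a relay named adsl.1.2.3.4.someisp.net is refused unless it authenticates or is listed, while a host such as mail1.example.com passes, because the rejection depends on the PTR name and not on whether the address is actually static.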