[Mimedefang] md_check_against_smtp_server and md_graphdefang_log

kd6lvw at yahoo.com kd6lvw at yahoo.com
Mon Mar 25 23:35:53 EDT 2013


--- On Mon, 3/25/13, David F. Skoll <dfs at roaringpenguin.com> wrote:
> On Mon, 25 Mar 2013 13:53:34 -0700 (PDT) kd6lvw at yahoo.com wrote:
> > Although this will issue a QUIT when an error is returned, it does
> > NOT do so when the transaction succeeds to the point where 'DATA' is
> > normally issued.  There are at least two blacklisting DNSBLs that
> > track systems that track callbacks and the failure to issue QUIT.
> > This is a good way to get listed and therefore banned.
> 
> Two comments:
> 
> 1) Read the MIMEDefang source, not the purported source as published
> by a poster on this list.

I was responding directly to what was posted to the list, which has the defect.
 
> 2) md_check_against_smtp_server is intended to be used against servers
> you control.  If you want to blacklist your own MIMEDefang relay...

That may have been your intent for adding the function, but it can easily be abused to perform callbacks to random servers, especially when used to test the sender's address for validity as a return address.  If it were to be limited to servers under one's control and enforced as such, the routine would have to obtain the recipient's MX-RRset internally and test all higher priority MTAs; thus it would not need the remote host address parameter.  It would determine which host in the MX-RRset it is running on based on the macro variables passed in via the milter interface.
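The selection described in the reply above, as an added Perl example (not part of the original post and not MIMEDefang's own code): given the recipient domain's MX RRset and the local host name, it returns only the higher-priority exchanges, and nothing at all when the local host is not in the RRset. The function names, the `[preference, exchange]` input format and the sample records are assumptions made for illustration; the RRset is constructed inline instead of being looked up.

```perl
#!/usr/bin/perl
# Added example (not MIMEDefang code): choose callback targets from the
# recipient domain's MX RRset instead of accepting an arbitrary host.
use strict;
use warnings;

# Normalise a DNS name for comparison: lower-case, no trailing dot.
sub norm_host {
    my ($h) = @_;
    $h = lc $h;
    $h =~ s/\.$//;
    return $h;
}

# callback_targets($local_host, \@mx) -> list of exchange names.
# @mx holds [preference, exchange] pairs (hypothetical input format).
# Returns only exchanges with a strictly lower preference value (higher
# priority) than the local host, best first. Returns an empty list when
# the local host is not in the RRset (no callback) or is the best MX.
sub callback_targets {
    my ($local_host, $mx) = @_;
    my $me = norm_host($local_host);

    # Our own preference: the lowest value listed for this host.
    my $mine;
    for my $rr (@$mx) {
        my ($pref, $exch) = @$rr;
        next unless norm_host($exch) eq $me;
        $mine = $pref if !defined $mine || $pref < $mine;
    }
    return () unless defined $mine;

    my %seen;
    return map  { $_->[1] }
           grep { !$seen{ $_->[1] }++ }
           sort { $a->[0] <=> $b->[0] || $a->[1] cmp $b->[1] }
           map  { [ $_->[0], norm_host($_->[1]) ] }
           grep { $_->[0] < $mine } @$mx;
}

# Constructed MX RRset for example.com (sample data, not from the post).
my @mx = ([ 20, 'mx2.example.com.' ], [ 10, 'MX1.example.com.' ],
          [ 30, 'backup.example.com.' ]);

for my $host ('backup.example.com', 'mx1.example.com', 'mail.example.net') {
    my @t = callback_targets($host, \@mx);
    printf "%-20s -> %s\n", $host, @t ? join(', ', @t) : '(no callback)';
}
```

In a filter, each returned name would be the only value ever passed as the server argument of `md_check_against_smtp_server`, so a sender-controlled address can never select the host that gets probed.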


