[Mimedefang] md_check_against_smtp_server and md_graphdefang_log
skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Tue Mar 26 03:51:58 EDT 2013
On Mon, 25 Mar 2013, kd6lvw at yahoo.com wrote:
>> 2) md_check_against_smtp_server is intended to be used against servers
>> you control. If you want to blacklist your own MIMEDefang relay...
> That may have been your intent for adding the function, but it can
> easily be abused to perform callbacks to random servers, especially when
Well, there is Net::SMTP, which can be abused, too, the same way. However,
pointing out the intention puts the burden of abusing that code onto the
> used to test the sender's address for validity as a return address. If
> it were to be limited to servers under one's control and enforced as
> such, the routine would have to obtain the recipient's MX-RRset
> internally and test all higher priority MTAs; thus it would not need the
> remote host address parameter. It would determine which host in the
> MX-RRset it is running on based on the macro variables passed in via the
> milter interface.
I don't agree: using the MX is necessary for external addresses, but for
internal ones, esp. if the server does not relay many domains which are
managed by others, one usually knows the correct _internal_ maildrop host,
which probably has no MX at all. At least one saves the DNS requests.
The use of MX records would make it much easier to use the function
for external addresses.
Actually, the man page could stress more the fact that external hosts
will not like the function being used against them and may blacklist the
server, because this is considered address harvesting.
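The following is an added example, not part of the original message or of the MIMEDefang distribution: a `filter_recipient` fragment for `mimedefang-filter` that calls `md_check_against_smtp_server` only for recipients in locally hosted domains, using a fixed map of internal maildrop hosts instead of MX lookups. The `%INTERNAL_MAILDROP` table, its host names, `$CALLOUT_HELO` and the helper `internal_maildrop_for` are constructed placeholders.

```perl
# Added example: restrict recipient callouts to servers you control.
# All domain and host names below are constructed placeholders.
use strict;
use warnings;

# Locally hosted domain => internal maildrop host (no MX lookup involved).
my %INTERNAL_MAILDROP = (
    'example.org'       => 'maildrop.internal.example.org',
    'staff.example.org' => 'maildrop2.internal.example.org',
);

# HELO name this relay presents to the internal maildrop host.
my $CALLOUT_HELO = 'relay.example.org';

# Return the internal maildrop host for a recipient address, or undef
# when the recipient's domain is not one we deliver for.
sub internal_maildrop_for {
    my ($recip) = @_;
    return unless defined $recip;
    (my $addr = lc $recip) =~ s/^<|>$//g;    # strip the angle brackets
    return unless $addr =~ /\@([a-z0-9.-]+)$/;
    my $domain = $1;
    $domain =~ s/\.$//;                      # tolerate a trailing dot
    return $INTERNAL_MAILDROP{$domain};
}

sub filter_recipient {
    my ($recip, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    my $maildrop = internal_maildrop_for($recip);

    # Not a domain we host: make no callout to a foreign server and
    # leave the decision to the normal relay rules.
    return ('CONTINUE', 'ok') unless defined $maildrop;

    # Hosted domain: ask our own maildrop host whether it accepts
    # this recipient, and pass its verdict back to the client.
    return md_check_against_smtp_server($sender, $recip,
                                        $CALLOUT_HELO, $maildrop);
}
```

`filter_recipient` is only invoked when mimedefang is started with the `-t` option.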