[Mimedefang] md_check_against_smtp_server and md_graphdefang_log

Steffen Kaiser skmimedefang at smail.inf.fh-bonn-rhein-sieg.de
Tue Mar 26 03:51:58 EDT 2013



On Mon, 25 Mar 2013, kd6lvw at yahoo.com wrote:

>> 2) md_check_against_smtp_server is intended to be used against servers
>> you control.  If you want to blacklist your own MIMEDefang relay...
>
> That may have been your intent for adding the function, but it can 
> easily be abused to perform callbacks to random servers, especially when

Well, there is Net::SMTP, which can be abused the same way, too. However, 
pointing out the intention puts the burden of abusing that code onto the 
user.

> used to test the sender's address for validity as a return address.  If 
> it were to be limited to servers under one's control and enforced as 
> such, the routine would have to obtain the recipient's MX-RRset 
> internally and test all higher priority MTAs; thus it would not need the 
> remote host address parameter.  It would determine which host in the 
> MX-RRset it is running on based on the macro variables passed in via the 
> milter interface.

I don't agree. Using the MX is necessary for external addresses, but for 
internal ones, esp. if the server does not relay many domains that are 
managed by others, one usually knows the correct _internal_ maildrop host, 
which probably has no MX at all. At least one saves the DNS requests.

The use of MX records would make it much easier to use the function 
for external addresses.

Actually, the man page could stress more the fact that external hosts 
will not like the function being used against them and may blacklist the 
server, because this is considered address harvesting.

Regards,

-- 
Steffen Kaiser
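
Added example, not part of the original message and not MIMEDefang's own code: one way to keep md_check_against_smtp_server confined to servers you control, as the thread discusses, by mapping each locally handled domain to its known internal maildrop host so that no MX lookup or external callout takes place. The domains, host names, HELO name and the helper maildrop_for are hypothetical.

```perl
# Fragment for mimedefang-filter (added example; all names below are constructed).
use strict;
use warnings;

# Domains this relay accepts mail for, mapped to the internal maildrop
# host that we operate ourselves. No MX lookup is involved.
my %INTERNAL_MAILDROP = (
    'example.com'       => 'maildrop.internal.example.com',
    'lists.example.com' => 'lists.internal.example.com',
);
my $OUR_HELO = 'mx.example.com';    # name this relay announces in HELO

# Return the maildrop host for a recipient, or undef if the domain is not ours.
sub maildrop_for {
    my ($recip) = @_;
    $recip =~ s/^<|>$//g;                       # milter passes <user@domain>
    my ($domain) = $recip =~ /\@([^@\s]+)$/ or return;
    $domain =~ s/\.$//;                         # tolerate a trailing dot
    return $INTERNAL_MAILDROP{lc $domain};
}

sub filter_recipient {
    my ($recip, $sender, $ip, $hostname, $first, $helo,
        $rcpt_mailer, $rcpt_host, $rcpt_addr) = @_;

    my $server = maildrop_for($recip);

    # Not one of our domains: never probe a host we do not control.
    return ('CONTINUE', 'ok') unless defined $server;

    # md_check_against_smtp_server is supplied by mimedefang.pl; its result
    # list starts with CONTINUE, BOUNCE or TEMPFAIL followed by a message.
    return md_check_against_smtp_server($sender, $recip, $OUR_HELO, $server);
}

# Run outside MIMEDefang: only show which host would be queried.
unless (defined &md_check_against_smtp_server) {
    for my $r ('<alice@Example.COM>', '<bob@elsewhere.test>') {
        printf "%-24s -> %s\n", $r, maildrop_for($r) // 'no callout';
    }
}
1;
```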

