North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: ingress SMTP

  • From: Alec Berry
  • Date: Thu Sep 04 10:57:42 2008

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mark Andrews wrote:

>> 	You do realise that there a mail clients that check MX
>> 	records *before* submitting email (or before on sending the
>> 	email) so that typos get detected in the client before any
>> 	email is sent from the client.

I think you are not familiar with the difference between the DROP list
and the XBL. The DROP list is *not* an RBL!

I do not allow any traffic at all to or from the DROP list-- including
MX lookups. I can't think of any good reasons why I would.

The XBL is used only to block mail transport-- it is configured in
sendmail, not at the firewall. The scenario you lay out will still work:

- - end user on a dial up that happens to be on the XBL (common)
- - end user queries MX records, either directly or via their name server
- - end user submits mail to their SMTP server (not on the XBL)
- - SMTP server transports mail to my system

Unless one of those systems mentioned above is a hijacked name server in
Kyiv (and thus on the DROP list), everything will work.

...
alec

- --
`____________
/ Alec Berry \______________________________
| Senior Partner and Director of Technology \
| PGP/GPG key 0xE8E9030F                    |
| http://alec.restontech.com/#PGP           |
|-------------------------------------------|
|             RestonTech, Ltd.              |
|        http://www.restontech.com/         |
|          Phone: (703) 234-2914            |
\___________________________________________/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIv/dTREO1P+jpAw8RAqiyAKDJt7FbFvplXB1JTe+dKDOOSXUijQCdH/cZ
4m4o9vE5FS96huARs2Rq5yU=
=Paen
-----END PGP SIGNATURE-----