[107484] in North American Network Operators' Group
Re: ingress SMTP
daemon@ATHENA.MIT.EDU (Alec Berry)
Thu Sep 4 10:57:40 2008
Date: Thu, 04 Sep 2008 10:57:24 -0400
From: Alec Berry <alec.berry@restontech.com>
To: nanog@nanog.org
In-Reply-To: <200809041428.m84ESehc088883@drugs.dv.isc.org>
Errors-To: nanog-bounces@nanog.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Mark Andrews wrote:
>> You do realise that there a mail clients that check MX
>> records *before* submitting email (or before on sending the
>> email) so that typos get detected in the client before any
>> email is sent from the client.
I think you are not familiar with the difference between the DROP list
and the XBL. The DROP list is *not* an RBL!
I do not allow any traffic at all to or from the DROP list-- including
MX lookups. I can't think of any good reasons why I would.
The XBL is used only to block mail transport-- it is configured in
sendmail, not at the firewall. The scenario you lay out will still work:
- - end user on a dial up that happens to be on the XBL (common)
- - end user queries MX records, either directly or via their name server
- - end user submits mail to their SMTP server (not on the XBL)
- - SMTP server transports mail to my system
Unless one of those systems mentioned above is a hijacked name server in
Kyiv (and thus on the DROP list), everything will work.
...
alec
- --
`____________
/ Alec Berry \______________________________
| Senior Partner and Director of Technology \
| PGP/GPG key 0xE8E9030F |
| http://alec.restontech.com/#PGP |
|-------------------------------------------|
| RestonTech, Ltd. |
| http://www.restontech.com/ |
| Phone: (703) 234-2914 |
\___________________________________________/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFIv/dTREO1P+jpAw8RAqiyAKDJt7FbFvplXB1JTe+dKDOOSXUijQCdH/cZ
4m4o9vE5FS96huARs2Rq5yU=
=Paen
-----END PGP SIGNATURE-----
