ietf-asrg

Re: [Asrg] Re: 6 - Designated Relays Inquiry Protocol (DRIP)

2003-06-29 12:20:38
At 11:17 AM 6/29/2003 -0400, Richard Rognlie wrote:

> RMX (et al) deal with the envelope from address.  This proposal has
> nothing to do with the envelope.  It is an attempt to sanitize the
> hostname specified as the HELO/EHLO when connecting to a remote
> MTA.
>
> IOW,  If I connect to a remote MTA and my MTA sends the greeting
> EHLO play.gamerz.net.  That MTA can do a lookup of
> my_ip_ad_dr._relays_._email_.play.gamerz.net and see immediately
> that if it gets my.ip.ad.dr as the response, that, indeed, I am
> a DRIP subscribed host.  If any other host attempts to connect
> and claim to be play.gamerz.net, the IPs will not match (or there
> will be no record at all).
>
> If the IPs do not match, it is a host forging my hostname.  Drop
> the connection like a hot potato[e].  If no record is returned at all

D'oh!  I forgot to mention.  We don't actually drop the connection here.
We can't.  It might be a host that is doing the EHLO in preparation
for an SMTP AUTH session for a true "local" user, who happens to be
roaming.   We don't start rejections until later (during the env-from
when I can check the status of the SMTP AUTH flags [in the milter
implementation, anyway.  Other MTA implementations' methodologies may
vary])

Very good point. We can probably drop the connection after MAIL FROM or RCPT TO.

Yakov

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
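
The HELO check and the deferred rejection discussed in this thread, as an added example that is not part of the original messages or of any DRIP implementation. Assumptions: the connecting IP in dotted form makes up the leading labels of the query name; `Session`, `drip_check`, `resolve` and the zone data are hypothetical names with constructed values; the reply codes 250/550 are illustrative; and because the quoted text is cut off before it says what happens when no record is returned, this example leaves such sessions unrejected.

```python
from enum import Enum

class Drip(Enum):
    MATCH = 1      # record returns the connecting IP
    MISMATCH = 2   # record returns some other IP: HELO name is forged
    NO_RECORD = 3  # nothing published under that name

def drip_qname(client_ip, helo_name):
    # Assumption: the connecting IP in dotted form is the leading labels.
    return f"{client_ip}._relays_._email_.{helo_name.rstrip('.').lower()}"

def drip_check(client_ip, helo_name, resolve):
    answers = resolve(drip_qname(client_ip, helo_name))
    if not answers:
        return Drip.NO_RECORD
    return Drip.MATCH if client_ip in answers else Drip.MISMATCH

class Session:
    """One SMTP connection: verdict recorded at EHLO, enforced at MAIL FROM."""
    def __init__(self, client_ip, resolve):
        self.client_ip, self.resolve = client_ip, resolve
        self.verdict, self.authenticated = None, False

    def on_helo(self, helo_name):
        self.verdict = drip_check(self.client_ip, helo_name, self.resolve)
        return 250  # never reject here: SMTP AUTH may still follow

    def on_auth_success(self):
        self.authenticated = True

    def on_mail_from(self):
        if self.verdict is Drip.MISMATCH and not self.authenticated:
            return 550  # forged HELO name and no SMTP AUTH
        return 250      # NO_RECORD is left alone in this example

# Constructed zone data (documentation IP ranges), standing in for DNS lookups.
ZONE = {
    "192.0.2.10._relays_._email_.mail.example.org": ["192.0.2.10"],
    "198.51.100.7._relays_._email_.mail.example.org": ["192.0.2.10"],
}

def resolve(qname):
    return ZONE.get(qname, [])

def run(client_ip, helo_name, auth=False):
    s = Session(client_ip, resolve)
    codes = [s.on_helo(helo_name)]
    if auth:
        s.on_auth_success()
    codes.append(s.on_mail_from())
    return s.verdict, codes
```

`run()` returns the recorded verdict and the reply codes for EHLO and MAIL FROM, so the same mismatching host can be compared with and without SMTP AUTH.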