I believe it is fairly common for inbound and outbound systems to be
quite different. In fact, I see that even though this mail is coming
from my MSN account (seabird(_at_)msn(_dot_)com), I am unable to use the MSN
SMTP service. MSN has a rule that demands that my current IP address be an
MSN recognized IP address before they will accept email. In other words
they will not relay from anyone. So my POP3 server is an MSN POP3
server, but my SMTP server is my cable provider's SMTP server. All this
is further complicated because for my home business, using an entirely
different set of domains, my SMTP and POP3 servers are my own domain
servers hosted elsewhere.
Chris
-----Original Message-----
From: asrg-admin(_at_)ietf(_dot_)org [mailto:asrg-admin(_at_)ietf(_dot_)org] On Behalf Of Sabahattin Gucukoglu
Sent: Monday, August 25, 2003 3:13 AM
To: asrg(_at_)ietf(_dot_)org
Subject: [Asrg] MXs Used As Authentication - Why RMX?
Hi peeps,
I've tried hard to work out a requirement for an additional DNS RR
(RMX - Danisch Draft) for authentication, but can't understand why MXs
alone can't be used. I must be missing something somewhere. Why can't
you just resolve the given envelope sender domain, check all of the
MXs' hostnames and see if any of them matches your connecting machine's
IP after resolution to addresses? The hostname could come either from
the SMTP client greeting (helo/ehlo) or the sender domain, and MX
resolution could be recursive (including checks to ensure no infinite
recursion). Now, so long as all possible output relays for a domain are
an MX, there's no problem, right? (Or is this not what happens in the
real world?) Even if an IP's RDNS resolves to a name completely
different from the domain, which happens for people using DDNS on fast
connections to the net (cable/etc), the solution still works. It just
needs coordinated configuration of MTAs properly (so that ehlo/helo
resolves to owner FQDN) and the checking code which would ensure that a
hostname given was stripped to form all possible domains for checking
(ensure that host doesn't get refused if a relay with the same domain
name - EG xyz.example.org checked as example.org).
Anything need clarifying? Please ask. I'll be back when the flames die
down a little and someone has put the idea right out... If my
understanding is messy, please let me know where. :-)
Cheers,
Sabahattin
--
Thought for the day:
The only thing that hurts more than paying income tax
is not having to pay income tax.
Latest PGP Public key? Click:
<mailto:PGPPublicKey(_at_)sabahattin-gucukoglu(_dot_)com>
and send that message as is.
Sabahattin Gucukoglu
Phone: +44 (0)20 7,502-1615
Mobile: +44 (0)7986 053399
http://www.sabahattin-gucukoglu.com/
E-mail or MSN Messenger: <mail(_at_)Sabahattin-Gucukoglu(_dot_)com>
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
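The MX-matching check proposed in the quoted message, and the outbound-relay case described in the reply, as an added example that is not part of either post. DNS is replaced by in-memory tables, and every domain, hostname and address in them is constructed (reserved example names and documentation address ranges).

```python
import ipaddress

# Constructed DNS data: stand-ins for real MX and A lookups.
MX = {
    "mailbox.example": ["mx1.mailbox.example", "mx2.mailbox.example"],
    "smallbiz.example": ["mail.smallbiz.example"],
    "loop.example": ["loop.example"],          # MX pointing back at itself
}
A = {
    "mx1.mailbox.example": ["192.0.2.10"],
    "mx2.mailbox.example": ["192.0.2.11"],
    "mail.smallbiz.example": ["198.51.100.25"],
    "smtp.cable-isp.example": ["203.0.113.7"],  # outbound relay, not an MX of anything
}

def candidate_domains(name):
    """xyz.example.org -> ['xyz.example.org', 'example.org'] (never the bare TLD)."""
    labels = name.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels) - 1)]

def mx_addresses(domain, seen=None):
    """Addresses reachable through a domain's MX records; 'seen' stops loops."""
    seen = set() if seen is None else seen
    if domain in seen:
        return set()
    seen.add(domain)
    addrs = set()
    for host in MX.get(domain, []):
        addrs.update(ipaddress.ip_address(a) for a in A.get(host, []))
        addrs |= mx_addresses(host, seen)       # recursive MX resolution
    return addrs

def mx_check(envelope_sender, client_ip):
    """True if the connecting IP belongs to an MX of the sender domain or a parent."""
    domain = envelope_sender.rsplit("@", 1)[1]
    ip = ipaddress.ip_address(client_ip)
    return any(ip in mx_addresses(d) for d in candidate_domains(domain))

if __name__ == "__main__":
    cases = [
        ("user@mailbox.example", "192.0.2.10"),         # relay is also an MX
        ("user@mailbox.example", "203.0.113.7"),        # sent via a different provider
        ("user@xyz.smallbiz.example", "198.51.100.25"), # matched via parent domain
        ("user@loop.example", "192.0.2.10"),            # loop terminates, no match
    ]
    for sender, ip in cases:
        print(f"{sender:28} from {ip:15} -> {'accept' if mx_check(sender, ip) else 'reject'}")
```

The second case is the situation in the reply: the mailbox domain's inbound MX hosts are not the hosts that send its users' mail, so an MX-only check rejects legitimate messages.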