On Thu, Jun 25, 2009 at 01:37:46PM +0200, Alessandro Vesely wrote:
AFAIK, there is no way SMTP can be configured so that a given sending
location can be whitelisted. One can try and detect what MTA sends the
message and whitelist specific filters, presumably doing detection by
the IP address of each mailout. That's much like VPN: being at a higher
level doesn't ease the task. For example, assume someone trusts Gmail's
egress filtering and wants to skip content filtering for mail coming from
there. What work is required to accomplish (and maintain) that task, on
typical MTA software?
Yes, MTAs can be configured so that a given sending location -- that is,
IP address -- is whitelisted. I do it all the time. But it's not a
very good solution, and it doesn't scale. Moreover, it's brittle: if the
sender's outbound mail server changes its address, then it stops working.
Conversely, if someone else acquires that server's previous address,
then it starts working for someone I didn't intend it to work for.
Level of work? I think, roughly speaking, it's one or two lines of
configuration with most MTAs. But (as I think you're pointing out) the
actual configuration itself isn't the issue: it's the time and effort
that it takes to figure out what should be in the configuration, and
then to maintain it.
---Rsk
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg