On Fri, 10 Dec 2004, David Woodhouse wrote:
Thanks for doing this, it saves me from having to :-)
I'd appreciate it if someone could glance at this and check it's
correct.
This is a CSA implementation. CSV = CSA + DNA.
You should probably use $acl_c variables, since CSA is related to the
connection not individual messages.
No attempt at checking the authentication (accreditation) parts yet.
You've misunderstood the division of responsibility in CSV.
The CSA record determines whether SMTP clients are authorized to use that
host name in HELO.
The HELO name is authenticated by requiring that the client IP address
matches a forward DNS lookup of the CSA target host name. (This usually
comes for free in the additional data of the CSA lookup.)
DNA is used for accreditation/reputation.
I fail to understand the point of the "don't authenticate me" option in
CSA, and what implementers are supposed to do with that kind of CSA record
that's different from the absence of a CSA record. I *think* you should
just throw away CSA records with weight=3.
Tony.
--
f.a.n.finch <dot(_at_)dotat(_dot_)at> http://dotat.at/
MALIN HEBRIDES: NORTHEAST 4 OR 5 INCREASING 6. RAIN LATER. GOOD BECOMING
MODERATE.