[Matthew Elvey (FM)]:
Kjetil Torgrim Homme wrote:
> might as well leave SMTP out of it. connect to a port, enter a
> recipient address,
Whatever is easier to implement and use. A web form would work too.
But I think SMTP is probably best.
I'm just worried about the service being abused by spammers.
For example, say you want to test a system that scans for spam on
the way OUT.
interesting point.
You'd set your client's (outoging) smtp server to
QuizzicServer.MIT.edu or whatever. If there's an SMTP proxy run
by your system or ISP, this gives it a chance to be shown to work.
running transparent SMTP proxies is not very common, is it? in any
case, you could use _any_ other e-mail address on the Internet to test
outbound.
I also think it's simplest to implement with existing software.
this is where I disagree strongly :-)
> and the server will connect to the MX of the source IP. (make
> sure the reverse and forward lookup match.)
Can you explain this more? I'm not clear on what you're trying to do
here or why.
say I connect from 129.240.68.200. reverse lookup gives
vingodur.ifi.uio.no. the MX for vingodur is pat.uio.no. so the reply
will be sent to pat. since pat is relay proof, I must provide a valid
address at the University of Oslo for the e-mail to be accepted.
now, if I want to fool the quizzic server into harrassing you, I'd
change the reverse lookup of 129.240.68.200 to elvey.fastmail.fm,
whose MX is smtp.us.messagingengine.com, and so you'll receive the
message. it is therefore essential that a forward lookup of
elvey.fastmail.fm is done to see if the IP address(es) match.
Is this test something that would make Quizzic hard for
joe user to use?
only if Joe User's network administrator is incompetent. :-)
--
Kjetil T. | read and make up your own mind
| http://www.cactus48.com/truth.html