From: Dean Anderson [mailto:dean(_at_)av8(_dot_)com]
On Sun, 9 Jan 2005 terry(_at_)ashtonwoodshomes(_dot_)com wrote:
Agreed, but nearsighted. If the sending MTA had done some sort of validation to
ensure the message was not forged when it accepted it, then we wouldn't have a
blowback problem. You cannot blame subsequent MTAs in the path for detecting
and rejecting bad email when it's something the first hop MTA could (and
should) have done in the first place!
And just what sort of validation would that be?
Authentication (SMTP AUTH, POP-before-SMTP, etc.), restriction to trusted IP
addresses, etc. Basically the sending server is responsible for authorizing
its own use, via whatever method is most appropriate.
His point I think is that if the virus is trying to send directly to the MTA it
would get rejected with no bounce back (because the virus wouldn't process a
bounce).
If an MTA.1 accepted a virus message, and tried relaying it to MTA.2, when
MTA.2 rejects it as forged, and MTA.1 processes a bounce, well, NO SYMPATHY FOR
MTA.1, it should have taken steps to prevent the virus/forgery etc from being
accepted by itself in the FIRST PLACE.
Your lack of sympathy for MTA.1 is unfortunate, but unrealistic. Even
taking steps to prevent viruses does not catch all viruses. Even using
SMTP AUTH on a closed relay does not prevent forgery.
--Dean
I have the greatest sympathy for MTA.1 and its users. My sympathy (as MTA.2's
admin) does NOT extend to taking responsibility for delivery of the viruses
MTA.1 is trying to unload on me. If MTA.2 then turns around and delivers the
virus to someone else, that is not my problem.
With my particular MTA.2, I reject virii even if they are to valid addresses.
If this causes MTA.1 to deliver a bounce message (possibly even including the
virus) to the forged sender, then MTA.1 just made a big mistake. I suppose a
case could be made that it's "my fault" somehow, but I'm not going to lose any
sleep over it.
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
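
Added illustration, not part of any message in this thread: a small Python model of the relay path being argued about, showing which first-hop policies leave the forged sender holding a bounce. The names (`bounce_target`, `TRUSTED_PREFIXES`), the addresses and the sample messages are constructed, and the first-hop scanner is assumed to catch every virus, which the thread itself disputes.

```python
from dataclasses import dataclass
from typing import Optional

TRUSTED_PREFIXES = ("192.0.2.",)   # constructed: MTA.1's own client network

@dataclass
class Message:
    client_ip: str       # host that connected to the first hop
    authenticated: bool  # client passed SMTP AUTH (or POP-before-SMTP)
    mail_from: str       # envelope sender; a virus may forge it
    infected: bool

def mta1_accepts(msg: Message, require_auth: bool, scan: bool) -> bool:
    """First hop's decision, made while the client is still connected."""
    authorized = msg.authenticated or msg.client_ip.startswith(TRUSTED_PREFIXES)
    if require_auth and not authorized:
        return False
    if scan and msg.infected:      # assumption: the scanner never misses
        return False
    return True

def mta2_accepts(msg: Message) -> bool:
    """MTA.2 as described in the thread: viruses are refused in-session."""
    return not msg.infected

def bounce_target(msg: Message, via_mta1: bool,
                  require_auth: bool = False, scan: bool = False) -> Optional[str]:
    """Return the address that receives a bounce, or None if none is sent."""
    if not via_mta1:
        # Virus talks straight to MTA.2: the rejection ends the session and
        # the virus does not process or generate a bounce.
        return None
    if not mta1_accepts(msg, require_auth, scan):
        return None      # refused at the first hop; MTA.1 never owned it
    if mta2_accepts(msg):
        return None      # delivered normally
    # MTA.1 took responsibility and MTA.2 refused: MTA.1 bounces to the
    # envelope sender, which may be a forged third party (blowback).
    return msg.mail_from

# Constructed samples: same forged sender, different first-hop situations.
OUTSIDE_VIRUS = Message("203.0.113.7", False, "victim@example.org", True)
AUTHED_VIRUS = Message("192.0.2.15", True, "victim@example.org", True)
```

The `AUTHED_VIRUS` case is the one where authorization at MTA.1 passes and the forged sender still receives the bounce unless MTA.1 also rejects on content.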