Curtis Maurand wrote:
{Edited to fix top posting}
> R A Lichtensteiger wrote:
>
> >There are a number of fixes, of course:
> >
> > 1a. Separate your outgoing relays from your inbound MX hosts.
> >     Some of the trojans do a PTR lookup on their address, then
> >     an MX query on the forward zone.
> > 1b. Configure your MX hosts to not accept mail from INSIDE your
> >     network and configure your outbound relays to not accept mail
> >     from OUTSIDE your network.
> The problem with 1a and 1b is that some networks won't accept mail from
> non mx hosts.

Curtis,

Are you referring to SPF or to the silliness that Verizon has
implemented? Or something else entirely?

SPF isn't constrained to MXes; you can "announce" any host as a valid
mail relay for your domain.

Verizon's probe back at the MX to see if the username is valid is a
pimple on the ass of the Internet for sure, but the back query would
still work in the above case.

If something else, can you cite? I'm ignorant about who might have
implemented what ...

Reto (Errm ... perhaps off list as we're straying ...)
--
R A Lichtensteiger rali(_at_)tifosi(_dot_)com
"Remember the KL10 is an oversexed mutant with these strange bulging
growths oozing out of random body parts, all of which have to be
duplicated no matter how bizarre."
- Ken Harrenstien <klh(_at_)us(_dot_)oracle(_dot_)com> to its-lovers
____________________________________________________________
procmail mailing list Procmail homepage: http://www.procmail.org/
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail