spf-discuss

Re: SPF - ISP's vs Corporate

2004-01-22 14:06:30
On Thu, Jan 22, 2004 at 11:38:50AM -0600, wayne wrote:

| In <5B734AC36BC9714EB88451E6E2F043B1155EC3(_at_)alaia01(_dot_)alaia(_dot_)net> Marc Alaia <marc(_at_)alaia(_dot_)net> writes:
| 
| > Because I can buy server-side or even client-side software to process spam
| > in my Exchange/Outlook environment.
| 
| I'm not a Microsoft user, so my knowledge is pretty sketchy.  However,
| I seem to recall some discussions about this a while back and I seem
| to recall that you *could* put SPF into MS-Exchange.  It isn't as
| simple as other MTAs, but it can be done.
| 
| I've also heard that running MS-Exchange as your link to the outside
| world is A Bad Idea.  Instead, you should run something like
| sendmail/postfix/exim/whatever and then relay the email through your
| firewall/DMZ to your MS-Exchange server.  Again, I don't have a lot of
| firsthand knowledge about this issue; it is hearsay.

You could hear me saying that, except I won't include "sendmail" in the
list for various reasons.  I will say that the OS on the front end should
be a hardened (and well managed) BSD/Linux machine.


| I agree with you that we should keep the decision about when SPF
| should be used out of the spec.  SpamAssassin, which usually runs
| after the SMTP session, has long been involved in SPF, so no one has
| said that you *must* do SMTP time checking.  However, I also think
| that it is important to be *able* to do the SPF check before the SMTP
| DATA command.

My thoughts are to parallel it.  When the connection comes in, launch
the PTR query and the DNSBL queries (yes, all in parallel if more than
one is configured).  Then read() and see what you get.  Once a HELO is
seen with an FQDN, launch the A or AAAA query for that name (depending
on which the connection comes in as).  Whenever the PTR query comes
back with an FQDN, launch the A or AAAA query for that name.  Once all
the A or AAAA queries come back, if none match the client peer address,
give 5XX and close down.  Once a DNSBL says thumbs down, give 5XX and
close down.  Or use all the various data sources and score things.

Obviously SPF comes in after MAIL FROM is received.  The connection may
get dumped before then.  Or SPF may help score the mail.  The previous
queries may not even have come back, yet.  But go ahead and launch the
first SPF query now.

The key is to be asynchronous as much as possible, unless tarpitting is your
goal (and even if it is, just use a timer judiciously and drag out the
tarpit as the score drops).

Once the DATA command arrives, then it's probably a fine time to wait for
all the pending queries to complete or time out.

-- 
-----------------------------------------------------------------------------
| Phil Howard KA9WGN       | http://linuxhomepage.com/      http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/   http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
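The asynchronous front-end pipeline described in the post above, as an added example that is not code from the original post or from any MTA: a simulated SMTP session launches the PTR and DNSBL lookups on connect, the HELO forward lookup and the SPF query as those commands arrive, rejects as soon as answers already in hand justify it, and only waits for outstanding queries at DATA. The fake DNS table, the zone and host names, and the Session/check functions are all constructed for this example.

```python
import asyncio
# Constructed stand-in for DNS so the example runs offline; a real front end uses an async resolver.
FAKE_DNS = {("PTR", "192.0.2.10"): "mx.example.net", ("A", "mx.example.net"): "192.0.2.10",
            ("A", "mail.example.net"): "192.0.2.10", ("A", "10.2.0.192.bl.example"): None,
            ("A", "10.2.0.192.bl2.example"): "127.0.0.2",      # listed on the second DNSBL
            ("TXT", "example.net"): "v=spf1 ip4:192.0.2.0/24 -all"}
async def dns_query(qtype, name):
    """Simulated asynchronous lookup; None stands for NXDOMAIN."""
    await asyncio.sleep(0.01)
    return FAKE_DNS.get((qtype, name))

class Session:
    """One inbound SMTP connection; every lookup is a task launched without waiting for it."""
    def __init__(self, peer_ip, dnsbls):
        self.peer_ip, self.pending = peer_ip, {}
        rev = ".".join(reversed(peer_ip.split(".")))
        self.pending["ptr"] = asyncio.create_task(self.ptr_then_forward())   # on connect: PTR ...
        for zone in dnsbls:                                                   # ... and every DNSBL
            self.pending["dnsbl:" + zone] = asyncio.create_task(dns_query("A", f"{rev}.{zone}"))
    async def ptr_then_forward(self):          # PTR answer in hand: launch A for that name
        return await dns_query("A", n) if (n := await dns_query("PTR", self.peer_ip)) else None
    def helo(self, fqdn):                      # HELO seen: forward lookup of the claimed name
        self.pending["helo"] = asyncio.create_task(dns_query("A", fqdn))
    def mail_from(self, sender):               # MAIL FROM seen: the first SPF query goes out now
        self.pending["spf"] = asyncio.create_task(dns_query("TXT", sender.rpartition("@")[2]))
    def early_verdict(self):
        """Non-blocking: reject now if answers already in hand justify it, else None."""
        done = {k: t.result() for k, t in self.pending.items() if t.done()}
        if any(v is not None for k, v in done.items() if k.startswith("dnsbl:")):
            return "550 client address is listed on a DNSBL"
        if "ptr" in done and "helo" in done and self.peer_ip not in (done["ptr"], done["helo"]):
            return "550 neither PTR nor HELO name resolves to the client address"
        return None
    async def at_data(self):
        """DATA arrived: only now wait (with a timeout) for whatever is still outstanding."""
        await asyncio.wait(self.pending.values(), timeout=1.0)
        spf = self.pending["spf"].done() and self.pending["spf"].result()
        return self.early_verdict() or ("250 ok" if spf else "250 ok, SPF unknown")

async def _session(peer_ip, helo, sender, dnsbls):
    s = Session(peer_ip, dnsbls)
    s.helo(helo)
    await asyncio.sleep(0.1)                  # client pauses; answers land in the meantime
    if (verdict := s.early_verdict()):        # can we already say no before MAIL FROM?
        return verdict
    s.mail_from(sender)
    return await s.at_data()

def check(peer_ip, helo, sender, dnsbls=("bl.example",)):
    """Drive one session to its SMTP verdict string (synchronous wrapper for callers and tests)."""
    return asyncio.run(_session(peer_ip, helo, sender, list(dnsbls)))
```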

-------
Sender Permitted From: http://spf.pobox.com/
Archives at http://archives.listbox.com/spf-discuss/current/
Latest draft at http://spf.pobox.com/draft-mengwong-spf-02.9.4.txt