
Re: [spf-discuss] case folding and brute force attack!

2004-03-20 07:56:13
On Sat, 2004-03-20 at 15:03 +0100, Alain Knaff wrote:
> What we can do about it:
> ------------------------
>  1. Do not apply SRS encoding for mails where we already do SRS
>     decoding.
>  2. Or, only apply encoding for From addresses whose domain publishes SPF.
>  3. (or maybe easier to implement): only apply SRS decoding if From is
>     <> or <postmaster@ ... >
>  4. Some throttling mechanism (limit number of SRS encoding/decoding
>     operations per minute that come from the same IP or IP range)

I do #2 -- in fact I only apply encoding when the reverse-path has an
SPF record _and_ I know the recipient domain is checking it. 

I also do #3. Nothing but bounces should _ever_ go to SRS addresses;
there's no excuse for accepting mail with non-empty reverse-path to
them, except perhaps for the special case of postmaster@ to work around
pobox.com's broken CBV.

-- 
dwmw2
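As an added illustration (not code from this thread or from any SRS implementation), a Python sketch of rule #3 placed in front of SRS0 decoding: a forwarder only decodes an SRS0 recipient when the reverse-path is <> or postmaster@, so ordinary mail never gets to exercise the hash check. It assumes the standard SRS0 address layout and uses a constructed secret and constructed addresses.

```python
import base64
import hashlib
import hmac

# Assumed SRS0 layout (the standard one): SRS0=HHHH=TT=orig-domain=orig-local@forwarder
# The secret and addresses used with these functions are constructed for this example.

def srs_hash(secret: bytes, timestamp: str, domain: str, local: str) -> str:
    """HMAC-SHA1 over lower-cased ts+domain+local, truncated to 4 base64 chars (SRS convention)."""
    msg = (timestamp + domain + local).lower().encode()
    return base64.b64encode(hmac.new(secret, msg, hashlib.sha1).digest())[:4].decode()

def srs_encode(sender: str, forwarder: str, timestamp: str, secret: bytes) -> str:
    """Rewrite sender into an SRS0 reverse-path at the forwarder."""
    local, domain = sender.rsplit("@", 1)
    h = srs_hash(secret, timestamp, domain, local)
    return f"SRS0={h}={timestamp}={domain}={local}@{forwarder}"

def is_bounce_sender(reverse_path: str) -> bool:
    """Rule #3 from the thread: only <> or postmaster@ may be delivered to an SRS address."""
    rp = reverse_path.strip().strip("<>").lower()
    return rp == "" or rp.startswith("postmaster@")

def srs_decode(rcpt: str, reverse_path: str, secret: bytes):
    """Return the original sender if rcpt is a valid SRS0 address and the mail is a bounce, else None."""
    if not is_bounce_sender(reverse_path):
        return None  # refused before the hash is even looked at
    if "@" not in rcpt:
        return None
    local_part, _forwarder = rcpt.rsplit("@", 1)
    parts = local_part.split("=", 4)
    if len(parts) != 5 or parts[0].upper() != "SRS0":
        return None
    _, given, ts, domain, local = parts
    expected = srs_hash(secret, ts, domain, local)
    # SRS compares the hash case-insensitively so addresses survive case-folding MTAs;
    # the constant-time compare avoids leaking which character mismatched.
    if not hmac.compare_digest(given.lower().encode(), expected.lower().encode()):
        return None
    return f"{local}@{domain}"
```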


