OT: Sendmail REJECT or DISCARD preference

Glenn Steen glenn.steen at gmail.com
Mon Mar 31 19:52:52 IST 2008 

On 31/03/2008, Peter Farrow <peter at farrows.org> wrote:
> Koopmann, Jan-Peter wrote:
>  >>>  Someone sends a spoofed spam email to one of my clients the other
>  >>>
>  >> side
>  >>
>  >>>  of my mailscanner, but they get the address wrong.
>  >>>
>  >> Why did you accept this mail for relay in the first place?
>  >> This is where you go wrong, all the rest is purely your own fault...
>  >> If one were in the blame-game:-):-).
>  >> I'm not, I'm more interrested in you getting this right, and beleive
>  >> me... this will make a marked difference for you.
>  >> The problem is simple: You are the public MX for these customers, but
>  >> you don't know their "email address universe". You need setup a method
>  >> that ensure you do.
>  >>
>  >
>  > I think finally begin to understand what he is doing... Thanks Glenn.
>  > :-)
>  > --
>  > MailScanner mailing list
>  > mailscanner at lists.mailscanner.info
>  > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>  >
>  > Before posting, read http://wiki.mailscanner.info/posting
>  >
>  > Support MailScanner development - buy the book off the website!
>  >
>  >
>
> Well, actually no I don't need to know their users list, thats the
>  beauty of this configuration.  To add anti spam to a clients setup I
>  simply insert my servers,  I don't need to ask them any questions other
>  than where to send it on.   So this is a top solution, very easy for the
>  client, and my clients love it, I can anti spam their email without even
>  knowing or wanting know anything about their enterprise I just tell them
>  to adjust their DNS.  Hence, I do have it very very right indeed.
Well... There is no difference if you do this setup "correctly"
(call-ahead), or "in-correctly" (NDR/NDN/DSN-hell with DISCARD of all
such (more or less) as a band-aid).
You wouldn't ask them anything different for that address verification
either;-).

>  Could you imagine trying to know about all the users  on each mail
>  domain for each client, with 1000s of clients and therefore 100,000s of
>  users.... its all about scale and ease of implementation and thats why
>  on this type of scale and even small ones a discard is a supremely
>  useful solution...
"know" and "you" are relative terms here. "Your server" need only know
at the point where it ponders accepting a new message or not... No
database needed (although that has it's perks too... Not workable for
larger installs, but usable for medium->small setups).

>  If I wanted to implement a client user list I could always add a
>  look/check ahead milter, but why bother this works better, and a look
>  ahead would mean I would need to know if their mailbox holder server was
>  behind an internet facing smarthost or not to make the check valid or not...
It actually doesn't. Work better, that is:-). But I'm pretty certain
I'll bnever convince you of that...;-).
And the beuty of the call-ahead... is that you needn't care onewhit
about smarthosts or anything. Because when that host accept the mail,
you are out of the DSN-loop... it is their problem;-).

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se

More information about the MailScanner mailing list