OT: Sendmail REJECT or DISCARD preference

Mon Mar 31 21:40:48 IST 2008

On 31/03/2008, Peter Farrow <peter at farrows.org> wrote:
> Glenn Steen wrote:
>  > On 31/03/2008, Peter Farrow <peter at farrows.org> wrote:
>  >
>  >> Koopmann, Jan-Peter wrote:
>  >>  >>>  Someone sends a spoofed spam email to one of my clients the other
>  >>  >>>
>  >>  >> side
>  >>  >>
>  >>  >>>  of my mailscanner, but they get the address wrong.
>  >>  >>>
>  >>  >> Why did you accept this mail for relay in the first place?
>  >>  >> This is where you go wrong, all the rest is purely your own fault...
>  >>  >> If one were in the blame-game:-):-).
>  >>  >> I'm not, I'm more interrested in you getting this right, and beleive
>  >>  >> me... this will make a marked difference for you.
>  >>  >> The problem is simple: You are the public MX for these customers, but
>  >>  >> you don't know their "email address universe". You need setup a method
>  >>  >> that ensure you do.
>  >>  >>
>  >>  >
>  >>  > I think finally begin to understand what he is doing... Thanks Glenn.
>  >>  > :-)
>  >>  > --
>  >>  > MailScanner mailing list
>  >>  > mailscanner at lists.mailscanner.info
>  >>  > http://lists.mailscanner.info/mailman/listinfo/mailscanner
>  >>  >
>  >>  > Before posting, read http://wiki.mailscanner.info/posting
>  >>  >
>  >>  > Support MailScanner development - buy the book off the website!
>  >>  >
>  >>  >
>  >>
>  >> Well, actually no I don't need to know their users list, thats the
>  >>  beauty of this configuration.  To add anti spam to a clients setup I
>  >>  simply insert my servers,  I don't need to ask them any questions other
>  >>  than where to send it on.   So this is a top solution, very easy for the
>  >>  client, and my clients love it, I can anti spam their email without even
>  >>  knowing or wanting know anything about their enterprise I just tell them
>  >>  to adjust their DNS.  Hence, I do have it very very right indeed.
>  >>
>  > Well... There is no difference if you do this setup "correctly"
>  > (call-ahead), or "in-correctly" (NDR/NDN/DSN-hell with DISCARD of all
>  > such (more or less) as a band-aid).
>  > You wouldn't ask them anything different for that address verification
>  > either;-).
>  >
>  >
>  >>  Could you imagine trying to know about all the users  on each mail
>  >>  domain for each client, with 1000s of clients and therefore 100,000s of
>  >>  users.... its all about scale and ease of implementation and thats why
>  >>  on this type of scale and even small ones a discard is a supremely
>  >>  useful solution...
>  >>
>  > "know" and "you" are relative terms here. "Your server" need only know
>  > at the point where it ponders accepting a new message or not... No
>  > database needed (although that has it's perks too... Not workable for
>  > larger installs, but usable for medium->small setups).
>  >
>  >
>  >>  If I wanted to implement a client user list I could always add a
>  >>  look/check ahead milter, but why bother this works better, and a look
>  >>  ahead would mean I would need to know if their mailbox holder server was
>  >>  behind an internet facing smarthost or not to make the check valid or not...
>  >>
>  > It actually doesn't. Work better, that is:-). But I'm pretty certain
>  > I'll bnever convince you of that...;-).
>  > And the beuty of the call-ahead... is that you needn't care onewhit
>  > about smarthosts or anything. Because when that host accept the mail,
>  > you are out of the DSN-loop... it is their problem;-).
>  >
>  > Cheers
>
>  >>you are out of the DSN-loop... it is their problem;-).
>
>
> --I'm their postmaster--- remember---  my clients don't want it to be "their problem"..
I'm not going to try convince you of anything Peter... But if you are
their postmaster, as you say... _You_ should care. And I'm sure you
do.
Please don't confuse me with someone else... I've yet to suggest that
you should do anything at your clients location. It is only "their
problem" as in the MTA sense of it;-).

This whole discussion for some reason remind me of some ...
interractions... I've had with Noel... in the past. Never could
convince him of much either...:-). Your network, you do as you please.
I still think you're doing things backwards, but that is entirely
yours to choose.

>  so -- yes it does work better... for me and those clients...
:-)

Cheers
-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se