At 3:49 PM -0400 9/8/1996, Brian J. Murrell wrote:
>from the quill of Brad Knowles <brad@his.com> on scroll
><v03007804ae5809be95ba@[205.177.25.174]>
>> At 8:49 PM -0400 9/1/1996, Jody Boyd wrote:
>> I know of no tools that let you refuse connections based on parts
>> of the "body" of the message (including most of what you and I
>> consider to be the headers) while the SMTP connection is open.
>
>Ah. Something I've given a bit of thought to lately. We usually will not
>install Sendmail as the daemon to which the Internet talks. Too much of a
>security risk. So we usually install TIS' fwtk smap/smapd to receive and
>pre-process mail from the Internet.
Well, with sendmail 8.7.y, smap won't work -- you have to choose
one or the other. I don't recall off the top of my head what the bug
is, but it keeps it from working with sendmail 8.7.y. The TIS guys
don't seem to be particularly interested in keeping the fwtk
up-to-date, either -- they have "real" work to do on that sort of
stuff for Guantlet.
>I've thought of numerous enhancements to smap that allow one to setup a
>rules based type of processing of incoming mail. The first one I'd like to
>implement is to reject mail which doesn't have a valid envelope sender. If
>the mail can't be bounced back to the sender (for whatever reason) it won't
>even be considered for delivery.
How do you do this while holding the other side open? What if
they have DNS timeouts? What if you have DNS timeouts? Then you're
in serious violation of RFC 1123 and just about every other major
Internet Email RFC in existance.
Trust me, I've discussed this issue with Ned Freed (author of
said 14 Internet Email RFCs) and Eric Allman (author of sendmail),
and there's no easy solution to this problem.
--
Brad Knowles, MIME/PGP: brad@his.com
comp.mail.sendmail FAQ Maintainer <http://www.his.com/~brad/>
finger brad@his.com for my PGP Public Keys and Geek Code
The comp.mail.sendmail FAQ is at <http://www.his.com/~brad/sendmail/>
Follow-Ups:
|
|
