From: Wietse Venema (no email)
Date: Sat Jan 10 2004 - 03:10:46 EST

Meng Weng Wong:
> So, for Postfix,
>
> - In the smtp delivery agent,
> - If the envelope sender domain is not <> and is not found in mydestinations,

You mean that an outbound/inbound relay host must rewrite EVERY
sender address of every message that passes through it? And what
if that same MTA also happens to be a secondary MX host for some
domain?

This means that inside and outside systems get to see a different
sender address with each message from the same person. That means
the recipient can no longer do sender based filtering.

> - For each envelope recipient,
> - we construct an SRS sender address.

You mean that the SMTP client takes one N-recipient delivery request,
and sends N copies sequentially? This penalizes every MTA architecture
other than that of qmail.

> - the SRS sender contains the original sender, is unique to the
> recipient, and contains a nonce cookie.
> - we replace the original sender with the SRS sender and initiate SMTP.
>
> The corresponding decoding, cookie validation, and reinjection should be
> performed in ... cleanup?

That would be too late. The SMTP server must know whether an RCPT
TO or MAIL FROM presents a valid address before accepting the mail.
An MTA that does no ingress blocking of non-existent RCPT TO
addresses will pollute its queue with dictionary attack spam.
Egress blocking of non-existent MAIL FROM addresses is desirable
as a sanity check.

Wietse
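
Added example, not part of the original message and not Postfix or SRS reference code: a Python sketch of checking a cookie-bearing return address at RCPT TO time, before the message is accepted into the queue. The address layout, the key, the domain name, the recipient tag and the 7-day window are all assumptions made for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # assumption: per-site secret key
FORWARDER = "forwarder.example"      # assumption: the rewriting MTA's domain
MAX_AGE_DAYS = 7                     # assumption: how long bounces are accepted


def _mac(day, rtag, domain, local):
    """Keyed cookie over every field that the address carries."""
    msg = "=".join((str(day), rtag, domain.lower(), local)).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:12]


def rewrite_sender(sender, recipient, day):
    """Build a per-recipient return address embedding the original sender.

    day is an integer day count (for example days since the epoch).
    """
    local, _, domain = sender.rpartition("@")
    # Recipient tag: makes the address differ for each envelope recipient.
    rtag = hashlib.sha256(recipient.lower().encode()).hexdigest()[:6]
    mac = _mac(day, rtag, domain, local)
    return f"srs={mac}={day}={rtag}={domain}={local}@{FORWARDER}"


def check_rcpt(rcpt, today):
    """Decide at RCPT TO time: return the original sender, or None to reject."""
    local_part, _, domain = rcpt.rpartition("@")
    if domain.lower() != FORWARDER:
        return None
    # The original local part comes last so it may itself contain "=".
    fields = local_part.split("=", 5)
    if len(fields) != 6 or fields[0].lower() != "srs":
        return None
    _, mac, day, rtag, odomain, olocal = fields
    if not (day.isascii() and day.isdigit()):
        return None
    if not 0 <= today - int(day) <= MAX_AGE_DAYS:
        return None  # expired or future-dated cookie
    expected = _mac(int(day), rtag, odomain, olocal)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # forged or altered address
    return f"{olocal}@{odomain}"
```

Because the check needs only the address and the key, it can run in the SMTP server at RCPT TO; the per-recipient tag is also why one N-recipient delivery turns into N distinct envelope senders.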