Message-ID: <20040211121700.GC9678@josefina.dcit.cz>
From: martin.macok at underground.cz (Martin Mačok)
Subject: Apparently the practice was prevalent
On Wed, Feb 11, 2004 at 10:23:32AM -0000, John.Airey@...b.org.uk wrote:
> > > In fact, RFC 2822 which obsoletes RFC 822 doesn't even mention
> > > relays.
> >
> > Of course. It also doesn't mention space ships. It's just about
> > something else. It has not anything to do with "email relaying".
> >
> What do space ships have to do with this discussion? There's no
> mention of them in RFC 822, so this is hardly relevant.

RFC 822 has nothing to do with SMTP, relaying nor space ships. That is
what those things have in common.

> > The right one is RFC 2821. See the quote of "Relaying" part from
> > my previous post.
> 2821 supersedes 821, which also implies you should have open relays.

Again, not true. See section "Relaying" in RFC 2821 (quoted in one of my
previous posts).
Next time, please, quote the text from the RFC you are referring to.

> It states that you should have EXPN enabled.

Really?

RFC 2821
7.3 VRFY, EXPN, and Security

   As discussed in section 3.5, individual sites may want to disable
   either or both of VRFY or EXPN for security reasons.
[..]

> > > Is there any RFC that specifies that open relays are a bad idea?
> >
> > Do not expect that there is an RFC for every bad idea around ...
> >
> Which basically means that anything not strictly allowed isn't.

No, I don't think so.

> No you can't. I also found RFC 2505 after sending my mail, however it still
> mentions nothing about open relays.

RFC 2505
2.1. Restricting unauthorized Mail Relay usage
[..]
   Instead, the MTA MUST be able to authorize Mail Relay usage based on
   a combination of:

      o "RCPT To:" address (domain).
      o SMTP_Caller FQDN hostname.
      o SMTP_Caller IP address.

   The suggested algorithm is:

      a) If "RCPT To:" is one of "our" domains, local or a domain that
         we accept to forward to (alternate MX), then accept to Relay.
      b) If SMTP_Caller is authorized, either its IP.src or its FQDN
         (depending on if you trust the DNS), then accept to Relay.
      c) Else refuse to Relay.
[..]

In other words, "do not have open relays".

Martin Mačok
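
The a)/b)/c) relay check quoted from RFC 2505 section 2.1 above, written out as an added example that is not part of the original post or of the RFC. The domains, networks, function names and the routed-local-part check are assumptions made for illustration.

```python
import ipaddress

# Constructed sample policy; every name and value here is an assumption.
OUR_DOMAINS = {"example.org", "mail.example.org"}   # local domains
FORWARD_DOMAINS = {"example.net"}                   # we are alternate MX
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
TRUSTED_FQDN_SUFFIXES = (".clients.example.org",)


def rcpt_domain(rcpt_to):
    """Domain part of a "RCPT To:" path, lower-cased, or None if unusable."""
    addr = rcpt_to.strip().lstrip("<").rstrip(">")
    local, at, domain = addr.rpartition("@")
    # Extra check beyond the quoted text: a route hidden in the local part
    # (user%other.test@ours, a!b@ours, @hop:user@ours) is not treated as "ours".
    if not at or not local or any(c in local for c in "%!@:"):
        return None
    return domain.rstrip(".").lower() or None


def relay_decision(rcpt_to, caller_ip, caller_fqdn=None, trust_dns=False):
    """Return (accept, rule) following steps a), b), c) of the quoted text."""
    # a) recipient is in one of "our" domains or one we forward for
    domain = rcpt_domain(rcpt_to)
    if domain in OUR_DOMAINS or domain in FORWARD_DOMAINS:
        return True, "a"
    # b) caller is authorized by source IP ...
    ip = ipaddress.ip_address(caller_ip)
    if any(ip in net for net in TRUSTED_NETS):
        return True, "b-ip"
    # ... or by FQDN, only if the DNS answer is trusted: the reverse name
    # is set by whoever controls the caller's reverse zone.
    if trust_dns and caller_fqdn:
        name = caller_fqdn.rstrip(".").lower()
        if name.endswith(TRUSTED_FQDN_SUFFIXES):
            return True, "b-fqdn"
    # c) everything else is refused: the server is not an open relay
    return False, "c"


if __name__ == "__main__":
    for rcpt, ip in [("<user@example.org>", "203.0.113.5"),
                     ("<user@elsewhere.test>", "192.0.2.10"),
                     ("<user@elsewhere.test>", "203.0.113.5"),
                     ("<user%elsewhere.test@example.org>", "203.0.113.5")]:
        print(rcpt, ip, relay_decision(rcpt, ip))
```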