Re: Bad-Clients: definitely not working



After much experimenting, I conclude this is the algorithm used by TCPIP
anti-spam features:

bad clients are rejected IF _ANY_ GOOD CLIENTS ARE DEFINED
  (unless a good-client match is more specific than a bad-client match)
if sender in good-clients list, "helo" welcomes a "friend"
if not rejected, then
  local mail always delivered
  if NORELAY relayed mail never delivered
  if RELAY
    mail not delivered if sender not in good-clients list,
    i.e. it IS relayed if sender in good-clients list OR if
    GOOD-CLIENTS LIST IS NOT DEFINED

Or, in more structured form:

IF good-clients list exists
THEN
    IF sender not in bad-clients list or if there is no bad-clients list
    THEN
        IF sender in good-clients list THEN welcome "friend"
        IF mail is local
        THEN
            accept mail
        ELSE
            IF relay is configured
            THEN
                IF sender in good-clients list
                THEN
                    relay mail
                ELSE
                    reject mail
                ENDIF
            ELSE
                reject mail
            ENDIF
        ENDIF
    ELSE
        reject mail
    ENDIF
ELSE
    IF mail is local
    THEN
        accept mail regardless of whether bad-clients list exists and what is in it
    ELSE
        IF relay is configured
        THEN
            relay mail
        ELSE
            reject mail
        ENDIF
    ENDIF
ENDIF

This is the algorithm I would prefer:

reject if sender is in bad-clients list unless there is a more specific
  match in an OPTIONAL good-clients list
if sender in good-clients list, "helo" welcomes a "friend"
if not rejected, then
  local mail always delivered
  if NORELAY relayed mail never delivered
  if RELAY
    relay only if sender is in good-clients list
    it is NOT relayed if there is no good-clients list
    if one wants to relay everything, put 0.0.0.0 in the good-clients list

In other words, to determine whether or not to reject the connection
right away, I would not require a good-clients list. It is necessary
only if a client needs to be specified more exactly which would
otherwise be rejected. On the other hand, if RELAY is turned on, then I
would require a good-clients list.

If RELAY is turned off, then I don't need a good-clients list unless I
need to specify a client more exactly which would otherwise be rejected.
With the current system, I need at least a good-clients list with a
dummy entry (e.g. private network which doesn't exist on the LAN). On
the other hand, if I want to have relay switched on, then I am forced to
specify the good clients.

Actually, there should be good-clients and bad-clients lists both for
reception and for relaying. It is conceivable that I would want to
accept email from a certain address, but would not want that address to
use my machine as a relay. With the current scheme, if I prevent an
address from relaying then, assuming relaying is allowed at all, I
can't receive any mail from that address.
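
Added example (not part of the original post, and not code from TCPIP
Services): a Python model of the two decision procedures above, the behaviour
the post reports and the behaviour the poster would prefer, which lists the
cases where they diverge. The CIDR list format, the function names and the
sample addresses are assumptions for illustration; a good-clients match of
equal prefix length is treated as not more specific.

```python
import ipaddress

def best(addr, nets):
    """Longest prefix in nets containing addr, or -1 when nothing matches."""
    ip = ipaddress.ip_address(addr)
    return max((n.prefixlen for n in map(ipaddress.ip_network, nets) if ip in n),
               default=-1)

def blocked(addr, good, bad):
    """Bad-clients match that no more specific good-clients entry overrides."""
    b = best(addr, bad)
    return b >= 0 and best(addr, good) <= b

def observed(addr, local, relay, good, bad):
    """Behaviour the post reports for the current implementation."""
    if not good:                      # no good-clients list: bad list is ignored
        return "accept" if local else ("relay" if relay else "reject")
    if blocked(addr, good, bad):
        return "reject"
    if local:
        return "accept"
    return "relay" if relay and best(addr, good) >= 0 else "reject"

def preferred(addr, local, relay, good, bad):
    """Behaviour the poster would prefer: good-clients list is optional."""
    if blocked(addr, good, bad):
        return "reject"
    if local:
        return "accept"
    return "relay" if relay and best(addr, good) >= 0 else "reject"

# Constructed scenarios: (label, addr, local, relay, good, bad)
BAD = ["203.0.113.0/24"]
CASES = [
    ("no good list, bad client relays", "203.0.113.7", False, True, [], BAD),
    ("no good list, bad client local mail", "203.0.113.7", True, False, [], BAD),
    ("dummy good entry, bad client", "203.0.113.7", True, False, ["10.99.0.0/16"], BAD),
    ("specific good entry overrides", "203.0.113.7", False, True, ["203.0.113.7/32"], BAD),
    ("unknown client, relay on, no lists", "198.51.100.9", False, True, [], []),
]

def divergences(cases=CASES):
    """Labels of the scenarios where the two procedures disagree."""
    return [c[0] for c in cases if observed(*c[1:]) != preferred(*c[1:])]

if __name__ == "__main__":
    for label, *args in CASES:
        print(f"{label:38} observed={observed(*args):7} preferred={preferred(*args)}")
```

The three diverging scenarios are the ones with no good-clients list: the
reported behaviour skips the bad-clients check and relays for anyone when
RELAY is on.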
