To: dnsop@cafax.se
From: Markus Stumpf <maex-lists-dns-ietf-dnsop@Space.Net>
Date: Fri, 22 Feb 2002 23:11:09 +0100
Content-Disposition: inline
In-Reply-To: <Pine.SOL.4.33.0202210933410.9569-100000@virgo.cus.cam.ac.uk>; from ph10@cus.cam.ac.uk on Thu, Feb 21, 2002 at 09:40:22AM +0000
Sender: owner-dnsop@cafax.se
User-Agent: Mutt/1.2.5i
Subject: draft-ietf-dnsop-dontpublish-unreachable-03.txt (was: Re: Minneapolis - agenda items please.)

Sorry to jump in the discussion at a late point. I'm rather new to this
list.

On Thu, Feb 21, 2002 at 09:40:22AM +0000, Philip Hazel wrote:
> Proposal is to reword the final paragraph to read as follows:
>
> If such a facility is required, it SHOULD instead be done by
> arranging for the hosts listed in a domain's MX records to return
> a 554 error response, either on initial connection, or following a
> RCPT command for an address in a domain for which there is no
> service.

Care should be taken IMHO to keep the wording RFC 2821 (SMTP) compliant.
RFC 2821 Section 3.1 Session Initiation
already specifies a procedure just for that case (3rd paragraph):

    The SMTP protocol allows a server to formally reject a transaction
    while still allowing the initial connection as follows:
    [ ...]

Maybe a referral to the above mentioned Section would be a good idea?

Also:

    loopback address have been seen in the DNS. This seems to be a
    misguided attempt to specify "no SMTP service for this domain"
    more positively than just refusing connections to the SMTP port.

<SIDENOTE>
From my experience it's more likely that spammers don't have a valid
IP address to point the MX of their domain to. But they need an IP
to pass anti-spam checks, so they use 127.0.0.1 and have the advantage
not to get the bounces back. Btw. I have also seen the use of 0.0.0.0
instead of 127.0.0.1. The impact of 0.0.0.0 on some SMTP daemons is rather
terrible.
</SIDENOTE>

IMHO it would be a good idea to explicitly ban the use of "0.0.0.0"
(haven't found it mentioned in the draft at all) and it probably should
be a MUST NOT.

\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
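
Added example, not part of the original message or of the draft: a minimal audit that flags MX targets whose address records point at a loopback address or at 0.0.0.0, the two cases the message discusses. The record tuples, the function names and the extra "no address record" finding are assumptions made for illustration; the sample data is constructed.

```python
import ipaddress

# Constructed sample records (owner, type, rdata); not taken from any real zone.
SAMPLE_RECORDS = [
    ("example.org.", "MX", "10 mail.example.org."),
    ("example.org.", "MX", "20 sink.example.org."),
    ("mail.example.org.", "A", "192.0.2.25"),
    ("sink.example.org.", "A", "127.0.0.1"),
    ("example.net.", "MX", "0 null.example.net."),
    ("null.example.net.", "A", "0.0.0.0"),
    ("example.com.", "MX", "5 gone.example.com."),
]

def classify(addr):
    """Return a reason if addr cannot be a reachable SMTP target, else None."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:   # 0.0.0.0 or ::
        return "unspecified"
    if ip.is_loopback:      # 127.0.0.0/8 or ::1
        return "loopback"
    return None

def audit_mx(records):
    """Return (domain, mx_host, address, reason) findings, sorted by domain and host."""
    addrs = {}
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            addrs.setdefault(owner.lower(), []).append(rdata)
    findings = []
    for owner, rtype, rdata in records:
        if rtype != "MX":
            continue
        _preference, host = rdata.split()
        host = host.lower()
        if host not in addrs:
            # Assumption beyond the message: a dangling MX target is also reported.
            findings.append((owner, host, None, "no address record"))
            continue
        for addr in addrs[host]:
            reason = classify(addr)
            if reason:
                findings.append((owner, host, addr, reason))
    return sorted(findings, key=lambda f: (f[0], f[1]))

if __name__ == "__main__":
    for finding in audit_mx(SAMPLE_RECORDS):
        print(finding)
```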