Loading ...
Sorry, an error occurred while loading the content.

Sender Verification Doc

Expand Messages
  • David Cary Hart
    I think that SV is a terrible idea to begin with. I will spare you the rant. Nevertheless: By default, Postfix probe messages have postmaster@$myorigin as
    Message 1 of 5 , Nov 1, 2006
    • 0 Attachment
      I think that SV is a terrible idea to begin with. I will
      spare you the rant. Nevertheless:

      "By default, Postfix probe messages have
      postmaster@$myorigin" as the sender address. This is SAFE
      because the Postfix SMTP server does not reject mail for this
      address."

      That doesn't make sense to me. Doesn't that presuppose that the
      probed server is running Postfix or am I suffering from a senior
      moment? The concept makes sense - just not the explanation.

      "You can change this into the null address
      ("address_verify_sender ="). This is UNSAFE because address
      probes will fail with mis-configured sites that reject MAIL
      FROM: <>, while probes from 'postmaster@$myorigin' would
      succeed."

      While I agree, that's not limited to mis-configured servers.
      Rejecting null sender seems to be the most effective means of
      eliminating backscatter. Is that an errant conclusion on my part?

      --
      Our DNSRBL - Eliminate Spam at the Source: http://www.TQMcube.com
      Don't Subsidize Criminals: http://boulderpledge.org
    • Victor Duchovni
      ... Think harder, if the receiving machine also does SAV, the probe sender, will be probed in turn (now as a recipient), it is important to not reject it (your
      Message 2 of 5 , Nov 1, 2006
      • 0 Attachment
        On Wed, Nov 01, 2006 at 10:18:52PM -0500, David Cary Hart wrote:

        > I think that SV is a terrible idea to begin with. I will
        > spare you the rant. Nevertheless:
        >
        > "By default, Postfix probe messages have
        > postmaster@$myorigin" as the sender address. This is SAFE
        > because the Postfix SMTP server does not reject mail for this
        > address."
        >
        > That doesn't make sense to me. Doesn't that presuppose that the
        > probed server is running Postfix or am I suffering from a senior
        > moment? The concept makes sense - just not the explanation.

        Think harder, if the receiving machine also does SAV, the probe sender,
        will be probed in turn (now as a recipient), it is important to not
        reject it (your own probe sender) in this context, or to apply SAV to
        the remote probe sender (whatever it may be), when the *recipient* is the
        local probe sender.

        > "You can change this into the null address
        > ("address_verify_sender ="). This is UNSAFE because address
        > probes will fail with mis-configured sites that reject MAIL
        > FROM: <>, while probes from 'postmaster@$myorigin' would
        > succeed."
        >
        > While I agree, that's not limited to mis-configured servers.
        > Rejecting null sender seems to be the most effective means of
        > eliminating backscatter. Is that an errant conclusion on my part?

        Yes, because not all bounces are "backscatter", and severely breaking
        mail delivery (in this case delivery error reporting) is not an acceptable
        anti-abuse measure.

        I don't use SAV either, and don't recomment it, but I also don't recommend
        premature criticism. When in doubt, ask rather than accuse. When looking
        at something in detail for the first time, be in doubt.

        --
        Viktor.

        Disclaimer: off-list followups get on-list replies or get ignored.
        Please do not ignore the "Reply-To" header.

        To unsubscribe from the postfix-users list, visit
        http://www.postfix.org/lists.html or click the link below:
        <mailto:majordomo@...?body=unsubscribe%20postfix-users>

        If my response solves your problem, the best way to thank me is to not
        send an "it worked, thanks" follow-up. If you must respond, please put
        "It worked, thanks" in the "Subject" so I can delete these quickly.
      • David Cary Hart
        On Wed, 1 Nov 2006 22:32:52 -0500, Victor Duchovni ... What prevents that from being an endless loop? ... I ll have to think that through. I suppose that
        Message 3 of 5 , Nov 1, 2006
        • 0 Attachment
          On Wed, 1 Nov 2006 22:32:52 -0500, Victor Duchovni
          <Victor.Duchovni@...> opined:
          > On Wed, Nov 01, 2006 at 10:18:52PM -0500, David Cary Hart wrote:
          >
          > > I think that SV is a terrible idea to begin with. I will
          > > spare you the rant. Nevertheless:
          > >
          > > "By default, Postfix probe messages have
          > > postmaster@$myorigin" as the sender address. This is SAFE
          > > because the Postfix SMTP server does not reject mail for
          > > this address."
          > >
          > > That doesn't make sense to me. Doesn't that presuppose that the
          > > probed server is running Postfix or am I suffering from a senior
          > > moment? The concept makes sense - just not the explanation.
          >
          > Think harder, if the receiving machine also does SAV, the probe
          > sender, will be probed in turn (now as a recipient), it is
          > important to not reject it (your own probe sender) in this context,
          > or to apply SAV to the remote probe sender (whatever it may be),
          > when the *recipient* is the local probe sender.

          What prevents that from being an endless loop?
          >
          > > "You can change this into the null address
          > > ("address_verify_sender ="). This is UNSAFE because
          > > address probes will fail with mis-configured sites that reject
          > > MAIL FROM: <>, while probes from 'postmaster@$myorigin' would
          > > succeed."
          > >
          > > While I agree, that's not limited to mis-configured servers.
          > > Rejecting null sender seems to be the most effective means of
          > > eliminating backscatter. Is that an errant conclusion on my part?
          >
          > Yes, because not all bounces are "backscatter", and severely
          > breaking mail delivery (in this case delivery error reporting) is
          > not an acceptable anti-abuse measure.

          I'll have to think that through. I suppose that depends upon the need
          to accept some non-local NDRs in a larger environment. I also
          misstated in that I am discarding these in contrast to rejecting them.
          >
          > I don't use SAV either, and don't recomment it, but I also don't
          > recommend premature criticism. When in doubt, ask rather than
          > accuse. When looking at something in detail for the first time, be
          > in doubt.
          >
          I honestly thought I was not being critical. I did say that it
          doesn't make sense TO ME. These were two questions, not answers and
          they were not intended to be rhetorical. If you took offense to my
          disparagement of SAV, that is NOT a criticism of Postfix or it's
          developers. I just get hit very hard by the probes now and then.

          --
          Our DNSRBL - Eliminate Spam at the Source: http://www.TQMcube.com
          Don't Subsidize Criminals: http://boulderpledge.org
        • Curtis Doty
          ... Verified and bogus addresses are cached. ../C
          Message 4 of 5 , Nov 1, 2006
          • 0 Attachment
            11:15pm David Cary Hart said:

            > On Wed, 1 Nov 2006 22:32:52 -0500, Victor Duchovni
            > <Victor.Duchovni@...> opined:
            > >
            > > Think harder, if the receiving machine also does SAV, the probe
            > > sender, will be probed in turn (now as a recipient), it is
            > > important to not reject it (your own probe sender) in this context,
            > > or to apply SAV to the remote probe sender (whatever it may be),
            > > when the *recipient* is the local probe sender.
            >
            > What prevents that from being an endless loop?
            >

            Verified and bogus addresses are cached.

            ../C
          • Victor Duchovni
            ... The very fact that Postfix s own probe sender address is whitelisted in reverse probes and not subjected to verification probes. There is no loop. There is
            Message 5 of 5 , Nov 1, 2006
            • 0 Attachment
              On Wed, Nov 01, 2006 at 11:15:14PM -0500, David Cary Hart wrote:

              > > > "By default, Postfix probe messages have
              > > > postmaster@$myorigin" as the sender address. This is SAFE
              > > > because the Postfix SMTP server does not reject mail for
              > > > this address."
              > > >
              > > > That doesn't make sense to me. Doesn't that presuppose that the
              > > > probed server is running Postfix or am I suffering from a senior
              > > > moment? The concept makes sense - just not the explanation.
              > >
              > > Think harder, if the receiving machine also does SAV, the probe
              > > sender, will be probed in turn (now as a recipient), it is
              > > important to not reject it (your own probe sender) in this context,
              > > or to apply SAV to the remote probe sender (whatever it may be),
              > > when the *recipient* is the local probe sender.
              >
              > What prevents that from being an endless loop?

              The very fact that Postfix's own probe sender address is whitelisted
              in reverse probes and not subjected to verification probes. There is
              no loop.

              There is however considerable negative interaction between SAV and
              greylisting, mail should eventually get through, but considerable
              delays are possible.

              --
              Viktor.

              Disclaimer: off-list followups get on-list replies or get ignored.
              Please do not ignore the "Reply-To" header.

              To unsubscribe from the postfix-users list, visit
              http://www.postfix.org/lists.html or click the link below:
              <mailto:majordomo@...?body=unsubscribe%20postfix-users>

              If my response solves your problem, the best way to thank me is to not
              send an "it worked, thanks" follow-up. If you must respond, please put
              "It worked, thanks" in the "Subject" so I can delete these quickly.
            Your message has been successfully submitted and would be delivered to recipients shortly.