
Re: Sender Verification Doc

  • Victor Duchovni
    Message 1 of 5 , Nov 1, 2006
      On Wed, Nov 01, 2006 at 10:18:52PM -0500, David Cary Hart wrote:

      > I think that SV is a terrible idea to begin with. I will
      > spare you the rant. Nevertheless:
      >
      > "By default, Postfix probe messages have
      > postmaster@$myorigin" as the sender address. This is SAFE
      > because the Postfix SMTP server does not reject mail for this
      > address."
      >
      > That doesn't make sense to me. Doesn't that presuppose that the
      > probed server is running Postfix or am I suffering from a senior
      > moment? The concept makes sense - just not the explanation.

      Think harder, if the receiving machine also does SAV, the probe sender,
      will be probed in turn (now as a recipient), it is important to not
      reject it (your own probe sender) in this context, or to apply SAV to
      the remote probe sender (whatever it may be), when the *recipient* is the
      local probe sender.

      > "You can change this into the null address
      > ("address_verify_sender ="). This is UNSAFE because address
      > probes will fail with mis-configured sites that reject MAIL
      > FROM: <>, while probes from 'postmaster@$myorigin' would
      > succeed."
      >
      > While I agree, that's not limited to mis-configured servers.
      > Rejecting null sender seems to be the most effective means of
      > eliminating backscatter. Is that an errant conclusion on my part?

      Yes, because not all bounces are "backscatter", and severely breaking
      mail delivery (in this case delivery error reporting) is not an acceptable
      anti-abuse measure.

      I don't use SAV either, and don't recommend it, but I also don't recommend
      premature criticism. When in doubt, ask rather than accuse. When looking
      at something in detail for the first time, be in doubt.

      --
      Viktor.

      Disclaimer: off-list followups get on-list replies or get ignored.
      Please do not ignore the "Reply-To" header.

      To unsubscribe from the postfix-users list, visit
      http://www.postfix.org/lists.html or click the link below:
      <mailto:majordomo@...?body=unsubscribe%20postfix-users>

      If my response solves your problem, the best way to thank me is to not
      send an "it worked, thanks" follow-up. If you must respond, please put
      "It worked, thanks" in the "Subject" so I can delete these quickly.
    • David Cary Hart
      Message 2 of 5 , Nov 1, 2006
        On Wed, 1 Nov 2006 22:32:52 -0500, Victor Duchovni
        <Victor.Duchovni@...> opined:
        > On Wed, Nov 01, 2006 at 10:18:52PM -0500, David Cary Hart wrote:
        >
        > > I think that SV is a terrible idea to begin with. I will
        > > spare you the rant. Nevertheless:
        > >
        > > "By default, Postfix probe messages have
        > > postmaster@$myorigin" as the sender address. This is SAFE
        > > because the Postfix SMTP server does not reject mail for
        > > this address."
        > >
        > > That doesn't make sense to me. Doesn't that presuppose that the
        > > probed server is running Postfix or am I suffering from a senior
        > > moment? The concept makes sense - just not the explanation.
        >
        > Think harder, if the receiving machine also does SAV, the probe
        > sender, will be probed in turn (now as a recipient), it is
        > important to not reject it (your own probe sender) in this context,
        > or to apply SAV to the remote probe sender (whatever it may be),
        > when the *recipient* is the local probe sender.

        What prevents that from being an endless loop?
        >
        > > "You can change this into the null address
        > > ("address_verify_sender ="). This is UNSAFE because
        > > address probes will fail with mis-configured sites that reject
        > > MAIL FROM: <>, while probes from 'postmaster@$myorigin' would
        > > succeed."
        > >
        > > While I agree, that's not limited to mis-configured servers.
        > > Rejecting null sender seems to be the most effective means of
        > > eliminating backscatter. Is that an errant conclusion on my part?
        >
        > Yes, because not all bounces are "backscatter", and severely
        > breaking mail delivery (in this case delivery error reporting) is
        > not an acceptable anti-abuse measure.

        I'll have to think that through. I suppose that depends upon the need
        to accept some non-local NDRs in a larger environment. I also
        misstated in that I am discarding these in contrast to rejecting them.
        >
        > I don't use SAV either, and don't recommend it, but I also don't
        > recommend premature criticism. When in doubt, ask rather than
        > accuse. When looking at something in detail for the first time, be
        > in doubt.
        >
        I honestly thought I was not being critical. I did say that it
        doesn't make sense TO ME. These were two questions, not answers and
        they were not intended to be rhetorical. If you took offense to my
        disparagement of SAV, that is NOT a criticism of Postfix or its
        developers. I just get hit very hard by the probes now and then.

        --
        Our DNSRBL - Eliminate Spam at the Source: http://www.TQMcube.com
        Don't Subsidize Criminals: http://boulderpledge.org
      • Curtis Doty
        Message 3 of 5 , Nov 1, 2006
          11:15pm David Cary Hart said:

          > On Wed, 1 Nov 2006 22:32:52 -0500, Victor Duchovni
          > <Victor.Duchovni@...> opined:
          > >
          > > Think harder, if the receiving machine also does SAV, the probe
          > > sender, will be probed in turn (now as a recipient), it is
          > > important to not reject it (your own probe sender) in this context,
          > > or to apply SAV to the remote probe sender (whatever it may be),
          > > when the *recipient* is the local probe sender.
          >
          > What prevents that from being an endless loop?
          >

          Verified and bogus addresses are cached.

          ../C
        • Victor Duchovni
          Message 4 of 5 , Nov 1, 2006
            On Wed, Nov 01, 2006 at 11:15:14PM -0500, David Cary Hart wrote:

            > > > "By default, Postfix probe messages have
            > > > postmaster@$myorigin" as the sender address. This is SAFE
            > > > because the Postfix SMTP server does not reject mail for
            > > > this address."
            > > >
            > > > That doesn't make sense to me. Doesn't that presuppose that the
            > > > probed server is running Postfix or am I suffering from a senior
            > > > moment? The concept makes sense - just not the explanation.
            > >
            > > Think harder, if the receiving machine also does SAV, the probe
            > > sender, will be probed in turn (now as a recipient), it is
            > > important to not reject it (your own probe sender) in this context,
            > > or to apply SAV to the remote probe sender (whatever it may be),
            > > when the *recipient* is the local probe sender.
            >
            > What prevents that from being an endless loop?

            The very fact that Postfix's own probe sender address is whitelisted
            in reverse probes and not subjected to verification probes. There is
            no loop.

            There is however considerable negative interaction between SAV and
            greylisting, mail should eventually get through, but considerable
            delays are possible.

            --
            Viktor.

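The reverse-probe exchange discussed in this thread, as an added example that is not part of the original messages and is not Postfix code: a simplified, synchronous model of two sites that both do SAV, showing that exempting mail addressed to the local probe sender ends the exchange after one probe in each direction. The `Server` class, `simulate` function and the `a.example`/`b.example` domains are constructed for illustration.

```python
class Server:
    """Toy mail server that verifies sender addresses by probing (SAV)."""

    def __init__(self, domain, users, exempt_probe_sender=True):
        self.domain = domain
        self.users = set(users) | {"postmaster"}
        self.probe_sender = f"postmaster@{domain}"
        self.exempt_probe_sender = exempt_probe_sender
        self.cache = {}        # address -> True (verified) / False (bogus)
        self.peers = {}        # domain -> Server
        self.probes_sent = 0

    def rcpt(self, mail_from, rcpt_to, depth=0):
        """Return True if MAIL FROM / RCPT TO would be accepted."""
        if depth > 20:
            raise RecursionError("probe loop")
        local, _, dom = rcpt_to.partition("@")
        if dom != self.domain or local not in self.users:
            return False
        # Recipient is our own probe sender: a remote site is probing us
        # back, so its sender is not verified in turn.
        if self.exempt_probe_sender and rcpt_to == self.probe_sender:
            return True
        return self.verify(mail_from, depth)

    def verify(self, address, depth):
        """Probe the sender's site, caching the finished result."""
        if address in self.cache:
            return self.cache[address]
        peer = self.peers.get(address.partition("@")[2])
        result = False
        if peer is not None:
            self.probes_sent += 1
            result = peer.rcpt(self.probe_sender, address, depth + 1)
        self.cache[address] = result
        return result


def simulate(exempt, sender="bob@b.example"):
    """Deliver one message to alice@a.example; report outcome and probe counts."""
    a = Server("a.example", ["alice"], exempt)
    b = Server("b.example", ["bob"], exempt)
    a.peers[b.domain], b.peers[a.domain] = b, a
    try:
        accepted = a.rcpt(sender, "alice@a.example")
    except RecursionError:
        return "loop"
    return accepted, a.probes_sent, b.probes_sent
```

In this model the cache only stores finished results, so with the exemption turned off the two sites keep probing each other's probe sender until the depth guard trips.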