nanog mailing list archives
Re: MSRFCs versus RFCs?
From: Jim Hickstein <jxh () jxh com>
Date: Mon, 02 Dec 2002 20:09:07 -0800
RFC-2505 (BCP-30) talks about which return codes to use, among other things. Not a direct hit, perhaps. RFC-1891 (DSNs) may also have something.
You want an RFC-lawyer. Given another hour or so, I could probably come up with the necessary citation, either in the RFCs themselves or in other suitably authoritative-sounding sources. But my pro-bono time has run out for today. :-)
Or you could just ask Eric.
ahead) If I send an email to JoeSmo () domain com and spoof the Mail From as Victim () innocentdomain com to an Exchange Server setup in this manor, the Exchange server will bounce an email to the Victim () innoccentdomain com. While this is all fine and dandy, if a person(s) decides to use this as a mailbomb method and exploit this, its rather simple to do. So, in short I am aguing that 1> Mail destine for a domain not handled should be 550 Denied. 2> None Delivery Reports should only be sent for Domains Handled. 3> That a Firewall should not be doing Domain checking for SMTP What I am at a loss for is RFCs that explicitly state this, that is NDR for other domains, and accepting for other domains.
Current thread:
- Re: MSRFCs versus RFCs? Jim Hickstein (Dec 02)
- <Possible follow-ups>
- Re: MSRFCs versus RFCs? Valdis . Kletnieks (Dec 02)