[RPZ] RPZ and MX

Alan Doherty dnsrpz at alandoherty.net
Fri Jun 1 23:29:55 UTC 2012


At 22:51 01/06/2012  Friday, Fred Morris wrote:
>On Fri, 1 Jun 2012, Alan Doherty wrote:
>> (as yes rpz can be served to a mailserver, IF and ONLY if its responses
>> have been tailored so it isn't claiming to senders that "their domain
>> doesn't exist"
>
>Can you point me to an RFC which covers this response code? I think what
>you're talking about is a common check, but I don't think it's in any RFC
>whatsoever.

the text of all smtp responses is not defined in any RFC
the text is designed for human reading, thus should not be misleading to the human reader

>> when it should be claiming "we are not accepting mail from
>> your domain due to policy"
>
>Too much information in my opinion.

well it's supposed to be for the legit sender caught by a false positive to read
(like any spamware has the time or inclination to read anything but the rfc defined numeric error code)

>In summary rejecting mail because their domain doesn't exist, OR FOR ANY
>OTHER SIMILAR REASON such as internally (within my organization) as NX
>*is* policy based rejection.

yeah but most smtp servers DO currently give a different textual response for policy based decisions as opposed to the sending domain not existing

obviously my above caveat was only for people who are using these stock rejection messages, if you're already not giving rejection reason, there is no misleading rejection reason to remove/fix



