Re: People forging their From: addresses

To: Xander Jansen < >
"Wilfried Woeber, UniVie/ACOnet" < >
From:
Date: Fri, 2 Oct 1998 16:54:10 +0200
Cc:

On Fri, Oct 02, 1998 at 04:38:08PM +0200, Xander Jansen wrote:
> + >    1)	If DNS really returns "NonExistant Domain"
> + >	you MAY return 5xx.
> +   In the (not so rare) cases where *all* NS servers for a certain domain
> +   are lost for a while (e.g. due to connetivity problems), you would then
> +   bounce perfectly valid mail.
> 
> But wouldn't that be SERVFAIL instead of NXDOMAIN ? If all authoritative
> nameservers for a particular domain are unreachable the domain still
> exists (since it is delegated from the nameservers one step higher in the
> tree). It is impossible however to get authoritative answers about the
> domain but that's different from the authoritative answer that the domain
> (or host) is non-existent.
> 
> It shouldn't be too hard to have an MTA distinguish between a DNS server
> failure (SERVFAIL) or an authoritative NXDOMAIN answer. SERVFAIL resulting
> in a 4xx error, NXDOMAIN in a 5xx.

That's exactly what I did, but I still ended up bouncing perfectly valid
mail. Dunno why... beats me. Might be mangling of UDP packets on hosts
that don't verify/send UDP checksums (like standard sunos 4.x machines)

--
#! ##### Jan-Pieter Cornet ##### johnpc@localhost ##### perl
++$_;$!=$_+++$_;($:,$,,$/,$*)=$!=~/.(.)...(.)(.).(.)/;$!=$_+$_;
($@,$\,$~)=$!=~/(.)(.).(.)/; $_="$,$/$:"; $@localhost $~="$~$_";($_)=
\$$=~/\((.)/;$|=++$_;$_++;$|++;$~="$~ $@localhost:";`$~$/$\$*$, $|>&$_`

Post To The List:

Follow-Ups:
- Re: People forging their From: addresses
  - From: Piet Beertema

References:
- Re: People forging their From: addresses
  - From: Wilfried Woeber, UniVie/ACOnet
- Re: People forging their From: addresses
  - From: Xander Jansen

<<< Chronological >>>

Author Subject

<<< Threads >>>