Re: People forging their From: addresses
- Date: Fri, 2 Oct 1998 16:54:10 +0200
On Fri, Oct 02, 1998 at 04:38:08PM +0200, Xander Jansen wrote:
> + > 1) If DNS really returns "NonExistent Domain"
> + > you MAY return 5xx.
> + In the (not so rare) cases where *all* NS servers for a certain domain
> + are lost for a while (e.g. due to connectivity problems), you would then
> + bounce perfectly valid mail.
>
> But wouldn't that be SERVFAIL instead of NXDOMAIN ? If all authoritative
> nameservers for a particular domain are unreachable the domain still
> exists (since it is delegated from the nameservers one step higher in the
> tree). It is impossible however to get authoritative answers about the
> domain but that's different from the authoritative answer that the domain
> (or host) is non-existent.
>
> It shouldn't be too hard to have an MTA distinguish between a DNS server
> failure (SERVFAIL) or an authoritative NXDOMAIN answer. SERVFAIL resulting
> in a 4xx error, NXDOMAIN in a 5xx.
That's exactly what I did, but I still ended up bouncing perfectly valid
mail. Dunno why... beats me. Might be mangling of UDP packets on hosts
that don't verify/send UDP checksums (like standard SunOS 4.x machines).
--
#! ##### Jan-Pieter Cornet ##### johnpc@localhost ##### perl
++$_;$!=$_+++$_;($:,$,,$/,$*)=$!=~/.(.)...(.)(.).(.)/;$!=$_+$_;
($@,$\,$~)=$!=~/(.)(.).(.)/; $_="$,$/$:"; $@localhost $~="$~$_";($_)=
\$$=~/\((.)/;$|=++$_;$_++;$|++;$~="$~ $@localhost:";`$~$/$\$*$, $|>&$_`
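
The SERVFAIL/NXDOMAIN distinction discussed in this message, as an added example that is not part of the original post or any MTA's code: it reads the RCODE from a raw DNS reply header and maps it to the SMTP reply class. The function name, the "ok" result and the sample headers are constructed for illustration; treating a missing, short or mismatched reply as temporary is an assumption in line with the mangled-packet concern above.

```python
import struct

# RCODE values from the DNS header (RFC 1035, section 4.1.1)
RCODE_NOERROR, RCODE_SERVFAIL, RCODE_NXDOMAIN = 0, 2, 3
QR_RESPONSE = 0x8000  # set on responses, clear on queries


def smtp_class_for_dns_reply(query_id, reply):
    """Map a raw DNS reply for the sender's domain to 'ok', '4xx' or '5xx'.

    reply is the UDP payload, or None when every nameserver timed out.
    Only a well-formed NXDOMAIN reply to our own query yields a permanent
    rejection; everything doubtful is a temporary failure so that valid
    mail is retried rather than bounced.
    """
    if reply is None or len(reply) < 12:
        return "4xx"  # timeout or header cut short
    reply_id, flags = struct.unpack("!HH", reply[:4])
    if reply_id != query_id or not flags & QR_RESPONSE:
        return "4xx"  # not an answer to the question we asked
    rcode = flags & 0x000F
    if rcode == RCODE_NXDOMAIN:
        return "5xx"  # the name does not exist
    if rcode == RCODE_NOERROR:
        return "ok"  # name exists; continue normal processing
    return "4xx"  # SERVFAIL and any other error code


def make_header(query_id, flags):
    """Build a constructed 12-byte DNS header with zero record counts."""
    return struct.pack("!HHHHHH", query_id, flags, 0, 0, 0, 0)


if __name__ == "__main__":
    qid = 0x1A2B  # constructed query ID
    samples = {
        "NXDOMAIN": make_header(qid, 0x8183),
        "SERVFAIL": make_header(qid, 0x8182),
        "NOERROR": make_header(qid, 0x8180),
        "wrong ID": make_header(qid ^ 0xFFFF, 0x8183),
        "short packet": make_header(qid, 0x8183)[:7],
        "timeout": None,
    }
    for label, packet in samples.items():
        print(f"{label:13s} -> {smtp_class_for_dns_reply(qid, packet)}")
```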