Grant Taylor via mailop <mailop@mailop.org> (Sa 25 Mär 2023 17:07:23 CET): > Are you indicating that you had problems sending to others who were using > NoListing / MX sandwiching? Or are you saying that your equipment had > problems going through NoListing / MX sandwiching in your outbound > infrastructure?
We used MX sandwiching/NoListing on our own MXs and had issues sending
messages to remote sites which did sender verification via a poorly
implemented callback.
> > Some appliances (barracuda?) on the remote end implemented sender
…
> Well ... the idea is that a proper / RFC compliant SMTP stack is used ...
> which rules out some vendors. }:-)
>
> I've never been a fan of Barracuda for a number of reasons.
Please note the question mark above, I don't want to blame *any* vendor
without proof. Time passed since then, maybe they improved their
callback implementation.
> Would you mind elaborating how you tested NoListing / MX sandwiching? Did
> you 1) timeout connections, 2) send a TCP reset, or 3) send an ICMP error?
1st MX: TCP RST (either by open firewall and no listener on port 25, OR
done by the firewall directly (iptables … -j REJECT
--reject-with tcp-rst)
2nd MX: listener on port 25
3rd MX: firewall, dropping incoming TCP SYN
That's what I understand as a sandwich ;)
Proper sending sites try the 1st one, and fastly move on to the second.
Poorly implemented senders either give up after the 1st one, or try to
be clever and use the 3rd one (as this one is often less prepared for
spam rejection as the primaries), and hopefully give up.
> > With our current greylisting implementation (using MAIL-FROM/RCPT-TO) as
> > key, we didn't have issues so far. Until mailgun started (?) using
> > variable senders for each delivery attempt.
>
> I never understood different envelope senders for each attempt of a given
> message. -- I can see different envelope senders per message, a la. VERP.
> But I would naively expect each message to have a fixed envelope sender and
> recipient from submission time until delivery time.
Same here. Unfortunately Renate from mailgun didn't respond yet.
I'd like to hear their intentions with this approach.
Best regards from Dresden/Germany
Viele Grüße aus Dresden
Heiko Schlittermann
--
SCHLITTERMANN.de ---------------------------- internet & unix support -
Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
gnupg encrypted messages are welcome --------------- key ID: F69376CE -
signature.asc
Description: PGP signature
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
