> From nanog-bounces+bonomi=mail.r-bonomi....@nanog.org Thu Oct 7 23:37:29 2010
> Date: Fri, 08 Oct 2010 15:38:12 +1100
> From: Ben McGinnes <b...@adversary.org>
> To: Leen Besselink <l...@consolejunkie.net>
> Subject: Re: New hijacking - Done via via good old-fashioned Identity Theft
> Cc: nanog@nanog.org
>
> On 8/10/10 10:00 AM, Leen Besselink wrote:
> >
> > k...@domain.tld for when you have a personal domain
> > key-u...@domain.tld for when you have a server which understands address
> > extensions
>
> Actually I think it's user+...@domain.tld for the second one. At least
> that's what I've seen for Postfix. Not so sure about other MTAs.

SendMail 'invented' the 'plussed' extension to an address. Other MTAs mimic SendMail's behavior.

The '+key' is ignored for purposes of selecting the delivery mailbox.
username+anything gets handed to the LDA for final delivery to mailbox 'username', _with_ the 'plus part' (i.e. 'anything', from above) available as an extra parameter.

To selectively accept/discard on the plussed portion of the address, you either do it in the LDA (procmail, for example, makes this really easy), or you have to run a 'milter' that knows which plussed parts are valid for which users.

For a mailserver that does -not- understand 'plussed' addresses, you can usually fake it out by putting the key as an extra element of the host-name, e.g. u...@key.some.dom.ain.tld. AFAIK every MTA accepts mail with a more-specific name than a name it has been explicitly told to accept (either for local delivery, or for forwarding) mail for.
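
The accept/discard decision described in the message above, sketched as an added example that is not part of the original post: it handles both the plussed form and the key-in-hostname form. The domain `example.net`, the `VALID_KEYS` table and the function names are assumptions made for illustration, and delivering untagged mail is a policy choice of this sketch.

```python
# Constructed sample policy (hypothetical): keys each mailbox has handed out.
VALID_KEYS = {"alice": {"nanog", "arin"}, "bob": set()}
BASE_DOMAIN = "example.net"  # assumed domain the server accepts mail for


def split_recipient(addr, base_domain=BASE_DOMAIN):
    """Return (user, key) for user+key@base or user@key.base.

    key is None when the address carries no key at all.
    Raises ValueError for malformed or non-local addresses.
    """
    local, at, host = addr.rpartition("@")
    if not at or not local or not host:
        raise ValueError("malformed address: %r" % addr)
    host = host.lower().rstrip(".")
    user, plus, key = local.partition("+")
    if not user:
        raise ValueError("empty mailbox name: %r" % addr)
    if host == base_domain:
        # Plussed form: the plus part never selects the mailbox.
        return user.lower(), (key.lower() if plus else None)
    suffix = "." + base_domain
    if host.endswith(suffix):
        if plus:
            raise ValueError("key given in both local part and host")
        # Host-name form: the extra leading label(s) carry the key.
        return user.lower(), host[: -len(suffix)]
    raise ValueError("not a local domain: %r" % host)


def decide(addr):
    """Return 'deliver', 'discard' or 'unknown-user' for one recipient."""
    user, key = split_recipient(addr)
    if user not in VALID_KEYS:
        return "unknown-user"
    if key is None:
        return "deliver"  # untagged mail is left alone in this sketch
    return "deliver" if key in VALID_KEYS[user] else "discard"


if __name__ == "__main__":
    for rcpt in ("alice+nanog@example.net", "alice@arin.example.net",
                 "alice+old-list@example.net", "bob+x@example.net"):
        print(rcpt, "->", decide(rcpt))
```
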