On Thu, Aug 02, 2012 at 11:27:52AM -0400, Wietse Venema wrote:

> > On 2 Aug 2012, at 14:17, Wietse Venema wrote:
> >
> > > The prime directive for Postfix is to deliver mail reliably without
> > > sucking from a performance or human interface point of view, and
> > > without granting unnecessary privileges to random strangers.
> >
> > Too bad your prime directive includes opening connections to port 25
> > for 0.0.0.0 when people have misconfigured their MX records. :-)
>
> I have an A record for warez.porcupine.org that resolves to 127.0.0.1.
> I could have used 0.0.0.0 instead and have gotten a similar result.

By default, though Postfix would have accepted the message, the
delivery attempt to 0.0.0.0 would have failed with a "loops back
to myself" error. The OP must have tweaked his configuration to
disable loop detection. Refusing to connect to 0.0.0.0 is not
substantially more effective than detecting the loop on the first
delivery attempt.

As for blocking mail from sites with bad MX records, such policies
need to be site-specific, as many a clueless administrator operates
the DNS for someone's most important sender. More legitimate mail
would be lost by strict enforcement than spam rejected.

-- 
Viktor.