On Thu, Feb 14, 2013 at 03:36:11PM +0000, James Day wrote:

> > > Is there a sensible way to configure postfix to allow these messages
> > > with null sender addresses to be relayed without opening the smart
> > > host up to exploitation?
> > 
> > Sending bounces is not "exploitation", but the "smart host" (really
> > submission service) policy is up to the ISP. Ask them.
> 
> I wasn't trying to suggest that sending bounces would be
> exploitation, rather that allowing *all* messages with a NULL sender
> to be relayed through could potentially be exploited to send spam as <>

This has nothing to do with spam. One can just as easily send spam
as <mal...@example.com> as one can as <>. The ISP can equally easily
track it down, since the Received: headers will contain the offending
IP address.

The real issue is that the ISP is offering a consumer-grade submission
service for MUAs, not a relay service for MTAs. Their rate limit
policies may be based on sender domains, rather than client IP
addresses (ideally they should really use the SASL login name).

Perhaps a business-grade service offering from the same ISP
(typically at a higher price-point) offers ISP support, or a
static sending IP not listed in the PBL (in which case simply
send direct and don't use the ISP relay).

> > > And before anyone comments, yes I know this isn't best practice as
> > > NDRs should have null sender addresses to stop loops (bouncing
> > > bounce-backs!).
> > 
> > Not "should", MUST. Not "isn't best practice", rather prohibited.
> 
> I understand and agree however in my experience you sometimes
> have to fudge things so they operate with incorrectly configured
> systems (against my own wishes!)

Not in this case, sending NDRs with a non-null envelope sender
address is a fundamental violation of the robustness requirements
of SMTP. This goes beyond working-around misconfiguration to flagrant
violation of a basic design requirement that prevents congestive
collapse of the mail system.

-- 
        Viktor.
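
The loop-prevention role of the null sender discussed above, as an added example that is not part of the original message: a toy model of two MTAs in which every address except alice and bob is undeliverable. The domains, mailboxes and the `mailer-daemon` NDR sender are constructed for illustration, and `max_hops` is an artificial cut-off so the looping case terminates.

```python
from collections import deque

NULL_SENDER = ""  # the empty reverse-path, written <> on the wire

# Constructed mailboxes: any other local part on these domains is undeliverable.
MAILBOXES = {"a.example": {"alice"}, "b.example": {"bob"}}

# Constructed first message: nonexistent sender writing to a nonexistent recipient.
FIRST_MSG = ("ghost@a.example", "nobody@b.example")


def deliverable(addr):
    local, _, domain = addr.partition("@")
    return local in MAILBOXES.get(domain, set())


def null_policy(domain):
    return NULL_SENDER                      # NDRs carry the null sender


def nonnull_policy(domain):
    return "mailer-daemon@" + domain        # NDRs carry a real-looking sender


def simulate(ndr_sender_for, first_msg=FIRST_MSG, max_hops=20):
    """Count NDRs generated before the system goes quiet.

    ndr_sender_for(domain) is the envelope sender that domain's MTA puts on
    its NDRs. A return value equal to max_hops means the chain never ended.
    """
    queue = deque([first_msg])
    ndrs = 0
    while queue and ndrs < max_hops:
        sender, rcpt = queue.popleft()
        if deliverable(rcpt):
            continue                        # delivered, nothing more to do
        if sender == NULL_SENDER:
            continue                        # undeliverable NDR: drop it, never bounce
        # Undeliverable with a return path: the recipient's MTA sends an NDR back.
        bouncing_domain = rcpt.partition("@")[2]
        queue.append((ndr_sender_for(bouncing_domain), sender))
        ndrs += 1
    return ndrs


if __name__ == "__main__":
    print("null-sender NDRs:    ", simulate(null_policy))
    print("non-null-sender NDRs:", simulate(nonnull_policy))
```

With the null sender the chain stops after one NDR; with a non-null NDR sender the two hosts keep bouncing each other's bounces until the cut-off.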
