[Asrg] RMX example

Hadmut Danisch <hadmut@danisch.de> Tue, 06 May 2003 20:51 UTC

From: Hadmut Danisch <hadmut@danisch.de>
To: asrg@ietf.org
Message-ID: <20030506204824.GA4708@danisch.de>
References: <20030506145854.GA22670@danisch.de> <Pine.GSO.4.10.10305061313570.3262-100000@nber5.nber.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <Pine.GSO.4.10.10305061313570.3262-100000@nber5.nber.org>
User-Agent: Mutt/1.4i
Subject: [Asrg] RMX example
Sender: asrg-admin@ietf.org
Errors-To: asrg-admin@ietf.org
X-BeenThere: asrg@ietf.org
X-Mailman-Version: 2.0.12
Precedence: bulk
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=unsubscribe>
List-Id: Anti-Spam Research Group - IRTF <asrg.ietf.org>
List-Post: <mailto:asrg@ietf.org>
List-Help: <mailto:asrg-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/asrg>, <mailto:asrg-request@ietf.org?subject=subscribe>
List-Archive: <https://www1.ietf.org/pipermail/asrg/>
Date: Tue, 06 May 2003 22:48:25 +0200

On Tue, May 06, 2003 at 03:56:40PM -0400, Daniel Feenberg wrote:
>
> It would probably be useful if you posted a few sentences to go
> over exactly what the validation steps are for a site using RMX
> to control incoming mail. 


OK.

Let's go through an example (not yet implemented)



1. Authorized mail
  Imagine I am sending you an email.

  My MTA opens an SMTP connection to your
  MTA (where the MX of your domain points to). Your MTA
  sees an SMTP connection from 213.133.101.23. Nothing
  happens so far. HELO or EHLO doesn't matter.

  Now my MTA issues the SMTP command

    MAIL FROM: <hadmut@danisch.de>

  and waits for the reply code of your MTA.
  This is where your MTA performs the RMX lookup:

  The sender address hadmut@danisch.de has the
  domain part danisch.de. So the RMX record for danisch.de 
  is queried. 


  danisch.de IN RMX  ( relays.rackland.de  relays.somecompany.com )


  because I might use the relay machines of Rackland and SomeCompany
  to deliver mail. But I do not want to update my zone table every
  time Rackland and Somecompany change their IP addresses. So
  it is the task of Rackland's and SomeCompany's administrations
  to keep the APL records below up to date.


  In a second step, the APL records are fetched:


  relays.rackland.de    IN APL ( 213.133.101.23/32 )
  relays.somecompany.de IN APL ( ...some addresses )

  After the first APL record the check is finished because it
  positively covers the IP address where the SMTP connection came
  from.

  -> your MTA learned that my MTA with that particular IP address
     was authorized to use danisch.de as a sender domain.




2. Unauthorized mail / Spam

   Now a second SMTP connection is opened to your MTA, 
   this time from 62.226.51.34. Again, nothing happens so 
   far. 

   Now the sending MTA issues the SMTP command
 
      MAIL FROM: <foobar@danisch.de>

   (which is unauthorized)

   Now your MTA fetches the RMX and APL records as described above.
   But these APL records do not cover the IP address 62.226.51.34

   -> Now your MTA learned that the message came from an IP 
      address that was not authorized to send

   -> It's up to you and your local rule set what to do with it,
     whether to reject, drop, tag, run through a content filter or 
     whatever.




Should be enough to understand the basic principle.
(For easier reading I simplified the APL syntax a little bit)

Hadmut
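The two lookups walked through above, as an added worked example that is not part of the original message or of any RMX implementation; the RMX and APL tables are constructed in memory in place of real DNS answers, and the prefix given for relays.somecompany.com is a placeholder.

```python
import ipaddress
from typing import Dict, List

# Constructed zone data standing in for DNS answers (no real lookups).
# RMX maps a sender domain to the names of APL record sets; APL maps such a
# name to the address prefixes allowed to use that domain in MAIL FROM.
RMX_RECORDS: Dict[str, List[str]] = {
    "danisch.de": ["relays.rackland.de", "relays.somecompany.com"],
}
APL_RECORDS: Dict[str, List[str]] = {
    "relays.rackland.de": ["213.133.101.23/32"],
    "relays.somecompany.com": ["192.0.2.0/24"],  # constructed placeholder prefix
}


def sender_domain(mail_from: str) -> str:
    """Domain part of a MAIL FROM argument such as '<hadmut@danisch.de>'.

    Returns '' for the null sender '<>' used by bounces, which carries no
    domain to check.
    """
    addr = mail_from.strip().strip("<>")
    if addr == "":
        return ""
    if "@" not in addr:
        raise ValueError("no domain part in MAIL FROM: %r" % mail_from)
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def rmx_check(client_ip: str, mail_from: str) -> str:
    """Return 'authorized', 'unauthorized' or 'no_policy'.

    Run at the MAIL FROM step: query RMX for the sender domain, then fetch
    each referenced APL set and stop at the first prefix covering client_ip.
    'no_policy' means nothing can be concluded (no RMX record, or the null
    sender); what to do with 'unauthorized' is left to the local rule set.
    """
    ip = ipaddress.ip_address(client_ip)
    domain = sender_domain(mail_from)
    apl_names = RMX_RECORDS.get(domain) if domain else None
    if apl_names is None:
        return "no_policy"
    for name in apl_names:
        for prefix in APL_RECORDS.get(name, []):
            if ip in ipaddress.ip_network(prefix, strict=False):
                return "authorized"
    return "unauthorized"


if __name__ == "__main__":
    # Case 1 (Rackland relay) and case 2 (stranger) from the message.
    print(rmx_check("213.133.101.23", "<hadmut@danisch.de>"))  # authorized
    print(rmx_check("62.226.51.34", "<foobar@danisch.de>"))    # unauthorized
```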



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg