Re: [semi-OT] any test results for SenderID?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On Mon, Oct 25, 2004 at 03:36:15PM -0700 or thereabouts, Murray S. Kucherawy wrote:
> Getting caught up on this list.  Sorry for falling behind but other
> priorities prevailed...
> 
> On Thu, 21 Oct 2004, Michael Elliott wrote:
> > Well, from my evaluation viewpoint there are a few more fundementals
> > that need to be dealt with before sid-filter can be used in a production
> > environment.
> >
> > 1) It does not deal with authorized clients easily.  There is
> >    -a peerlist and -d domains,to,ignore as a static listing
> >    of clients.  But there is no dynamic processing of authorized clients.
> >    a) SMTP-AUTH is the what clients are supposed to move to for roaming
> >       access.  Except, there is no provision for checking it in sid-filter.
> >       Looking at the {auth_type} and other {auth_*} records should make
> >       this easy.
> 
> I did add this to the dk-milter package.  It's easy to clone the same
> feature in sid-milter.  Can you open an RFE on Sourceforge to remind me?

Done. 

> >    d) /etc/mail/access should be read and processed.  This info should
> >       not have to be duplicated in the -a peerlist and -d domains.
> 
> Why?

3 Cases: 
A) Some idiot users will/can not use one of the other authentification 
   methods so I occasionally have to use 
   From:id...@my... 	RELAY
   in my access.db file.  Luckily I am down to about 0.1% of my userbase
   that needs this.  They just cannot seem to hit receive before send
   and refuse to upgrade from Window 95.  We enforce responsibility for 
   this poorly chosen option with $100+ fines for abuse by them or others.  
   So, we don't see as much trouble as expected.

B) Milter-sid-To:ab...@my...		OK
   Milter-sid-To:pos...@my...	OK
   or the more general case 
   To:ab...@my...			OK
   To:use...@my...	OK

   I need to be able override the default filtering check (which would be
   reject to be effective) for an individual user.  Some customers have 
   spa...@do..., some just do not trust any filtering and want to 
   see every message.

C) My client for email and web has a static IP DSL line from someone else
   AND badly published spf records.  (otherwise, could be done inside spf)
   Milter-sid-Connect:a.b.c.d			OK

   If you say, well add it to the peer list, I would counter with 
   "I don't want to stop and restart the milter every time I have to add
   an address."  My sendmail process has been running for 4 months, why 
   can't my milter?

See http://www.milter.info/milter-gris/index.shtml as a better explantion
and good implementation of what I am asking for.  I currently run that 
milter modified to also accept popauth/DRACd.

Case B is the only one with a strong argument for it, but as an ISP, I
need to deal with cases in the three sigma range.  Case and point, I 
still have !path uucp customers.  Until the ISPs can handle all cases,
they won't install the software.  Until the ISPs install the software,
this is a hobby project.

-Mike Elliott