Re: rfe: automagic open relay message refusal?
Date sent: Thu, 14 Jun 2001 12:19:14 -0400 (EDT)
From: "Benjamin C.R. LaHaise" <firstname.lastname@example.org>
To: Rik van Riel <email@example.com>
Copies to: firstname.lastname@example.org
Subject: Re: rfe: automagic open relay message refusal?
> Where connect and check involves opening an SMTP session to the remote
> server and verifying that it does not relay mail for anyone.
> Yes, this is exactly what ORBS like databases do,
Not exactly. Yes, 550 We Do Not Relay during test session is a
sufficient negative (not-a-relay) criterion. But 250 OK is not a
sufficient positive criterion. Both MAPS and ORBS wait for actual
message arrival to the test recipient! For instant testing, it
is definitely not possible. So, the proposed test is more
cruel... and, it seems, will have false positive traps. I _really_
know not-opened mailhosts with the described behavior ("late
refusal"). See also "freezenet" word in Zmailer configs.
> however they are not
> trusted, nor do they catch new open mail relays.
Yes. All this anti-spam system is a compromise. And it seems any
radical solution will be "the medicine being worse than the
BTW. Some other useful anti-spam filters that can be easily
established in Postfix and hardly in Zmailer:
1. Client reverse DNS record must exist. We assume that the
absence of reverse DNS means clear "improper network
maintenance" aka "lazy admin" diagnosis for remote host. It seems
refusal should be 4xx: DNS may time out, etc.
2. HELO greeting form must be FQDN. Typical spammer MS-Windows
workstation says: "HELO Default", or "HELO PC". Very good
criterion. Refusal must be 5xx without explanations.
3. HELO name must exist in DNS. NB: many legal WinNT-based
mailservers create HELO name from real Internet domain and
NETBIOS hostname containing underscore "_" or 8-bit chars. So, a
dangerous criterion. Refusal should be either 5xx (for formally
improper names like nt_server.realdomain.com) or 4xx (for any
negative DNS answer).
4. "X-Mailer:" header filtering during data receiving, then "550
Content rejected, further input skipped". Many spam software
authors really do not forget to advertise themselves in "X-Mailer:
Advanced Direct Remailer", etc. strings.
Head, IT Department
Fax +7-501-3468248, +7-812-3271408
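
The four checks listed in the message above, written out as an added Python example (not code from the message, from Postfix or from Zmailer) to show which failures map to a temporary 4xx and which to a permanent 5xx. The function names, the `Dns` outcome type, the concrete codes 450/550 and all reply texts except the quoted "Content rejected" string are assumptions; DNS results are passed in by the caller so the sketch runs offline.

```python
import re
from enum import Enum

class Dns(Enum):
    FOUND = "found"        # lookup returned a record
    NXDOMAIN = "nxdomain"  # authoritative "no such name"
    TEMPFAIL = "tempfail"  # timeout or server failure

# One hostname label: letters, digits, hyphen. No underscore, no 8-bit chars.
LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
# Constructed pattern; the message names only this one mailer string.
BAD_MAILERS = re.compile(r"Advanced Direct Remailer", re.I)

def helo_syntax_ok(name):
    """True when every dot-separated label is a formally valid hostname label."""
    return all(LABEL.fullmatch(label) for label in name.rstrip(".").split("."))

def check_session(ptr, helo, helo_dns):
    """Checks 1-3. Returns (code, text) to refuse, or None to accept.
    ptr is the outcome of the reverse lookup of the client address,
    helo_dns the outcome of looking up the HELO name."""
    # 1. No reverse DNS: always 4xx, since the lookup may only have timed out.
    if ptr is not Dns.FOUND:
        return (450, "Client host rejected: no reverse DNS")
    # 2. HELO is not an FQDN ("Default", "PC"): 5xx without explanation.
    if "." not in helo.rstrip("."):
        return (550, "Rejected")
    # 3a. Formally improper name (underscore, 8-bit chars): 5xx.
    if not helo_syntax_ok(helo):
        return (550, "Invalid HELO name")
    # 3b. Well-formed name with any negative DNS answer: 4xx.
    if helo_dns is not Dns.FOUND:
        return (450, "HELO name not found")
    return None

def check_headers(header_lines):
    """Check 4. Scans received header lines for an advertised spam mailer."""
    for line in header_lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == "x-mailer" and BAD_MAILERS.search(value):
            return (550, "Content rejected, further input skipped")
    return None
```

The order matters for check 3: the syntax test runs before the DNS result is consulted, so a name like nt_server.realdomain.com gets the permanent refusal even when the resolver would have timed out.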