
Re: open relay



On Wed, Jun 25, 2003 at 07:00:40PM +0200, Robert Kurjata wrote:
> Quoting Matti Aarnio <mea@nic.funet.fi>:
> It is old. kernel 2.0.35 (1999 y.), gcc 2.7.2.1 :)

That does not matter, I did have a similar box way back..
I don't have it at hand anymore.

> [Cut out a part]
... 
> So it works, but: Zmailer is treating this as a local address and
> sends bounce mail back which may be abused too. He still accepts mail
> (250 OK).
> Shouldn't he check it differently?? eg. returning
>           Relaying Denied or User Unknown

That is a generic problem in the case of a disjoint SMTP receiver vs. routing.
Running fully interactive test routing could be used to solve
the question, but it is a rather heavy-handed approach.

> I've just checked my 2.99.55-patch1 - he acts the same way -> accepts
> mail and sends a bounce. But there is an issue:
> I can use this mechanism for spamming. It's just a very easy mechanism
> - just use your victim's address as the field FROM: and he will get all the
> bounces, and people do read bounces.
> 
> And that is why I got on the blacklist. Because of forced bounces.

Now did you?  Into which blacklist?  I do think your case was due to
ssift/tsift stripping double-quotes from around localpart addresses
in the canonicalize() function.

> What do you think about it?

(... presuming that really is about "forced bounces" ...)

That whoever thought up that kind of listing should check
their head.  All firewalled sites with a frontend MTA doing
inbound relaying without actual inside knowledge would then
be blacklisted...  Pick any site having multiple MX servers,
which never accepts email directly from the world, but gets
its feed from the ISP's backup MX MTA.

> Robert Kurjata     mailto:rkurjata@ire.pw.edu.pl
-- 
/Matti Aarnio	<mea@nic.funet.fi>
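The trade-off discussed in this message, as an added Python model that is not part of the original post and is not Zmailer code: a receiver that cannot consult routing answers 250 OK and bounces later, while one with a recipient lookup at RCPT time answers 550 and generates no bounce. The `Receiver` class, the user list and all addresses are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

USERS = {"robert", "postmaster"}            # constructed mailbox list
DOMAINS = {"example.org"}                   # constructed local domain

# Constructed envelopes: (MAIL FROM, RCPT TO). The sender is forged on three.
TRAFFIC = [
    ("victim@example.net", "nosuchuser1@example.org"),
    ("victim@example.net", "nosuchuser2@example.org"),
    ("friend@example.com", "robert@example.org"),
    ("victim@example.net", "someone@elsewhere.example"),
]

@dataclass
class Receiver:
    known_users: Optional[set]              # None: receiver cannot ask the router
    queue: list = field(default_factory=list)

    def rcpt(self, mail_from, rcpt_to):
        """Return the SMTP reply to RCPT TO; queue the envelope if accepted."""
        local, _, domain = rcpt_to.lower().rpartition("@")
        if domain not in DOMAINS:
            return "550 Relaying denied"
        if self.known_users is not None and local not in self.known_users:
            return "550 User unknown"       # the sending client keeps the failure
        self.queue.append((mail_from, local))
        return "250 OK"                     # from here on the message is ours

def route(queue):
    """Routing after acceptance: unknown users become bounces to MAIL FROM.
    An empty (null) sender is never bounced."""
    return [sender for sender, local in queue if local not in USERS and sender]

def run(receiver_knows_users):
    """Feed TRAFFIC through one receiver; return (SMTP replies, bounce targets)."""
    rx = Receiver(USERS if receiver_knows_users else None)
    replies = [rx.rcpt(s, r) for s, r in TRAFFIC]
    return replies, route(rx.queue)

if __name__ == "__main__":
    for mode in (False, True):
        replies, bounces = run(mode)
        print("RCPT-time lookup:", mode, replies, "bounces to:", bounces)
```

A frontend relay with no inside knowledge, the case described in the reply, corresponds to `run(False)`: it can only reject on domain, so unknown local parts are accepted and bounced later.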