Re: rfe: automagic open relay message refusal?

["Benjamin C.R. LaHaise" <blah@kvack.org>]

On Thu, 14 Jun 2001, Alexey Lobanov wrote:

> Not exactly. Yes, 550 We Do Not Relay during test session is a 
> sufficient negative (not-a-relay) criteria. But 250 OK is not a 
> sufficient positive criteria. Both MAPS and ORBS wait for actual 
> message arrival to the test recipient! For instant testing, it 
> is definitely not possible. So, the proposed test is  more 
> cruel... and seems, will have false positive traps. I _really_ 
> know not-opened mailhosts with the described behavior ("late 
> refusal"). See also "freezenet" word in Zmailer configs.

True, so it does have to be somewhat more careful.  Actually, the system
can be made somewhat more elaborate if the validate ip hook can spawn an
external program: the messages can be frozen until the spam test
completes.  The important point is that open mail relays are detected
fairly quickly (timeouts can be on the order of an hour or so at most) and
properly configured systems are also detected quickly.

A perhaps better solution is to make the mail protocol challenge-response
based so that it is known that a valid postmaster can be reached via the
HELO address.

> Any more?

A lot of the spam I'm getting lately has invalid Message-Id headers.

		-ben

-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi