
Re: Forged sender test



> When it comes to spam-blocking, material scanning, and analysis
>  with Bayesian statistics filtering might be most worthwhile.

I suppose I will try to convince them that a forgery test is performed at the
content filtering phase.  I'm using SpamAssassin and I'm pretty sure that's
one of the tests.  The message won't be denied flat-out but the spam score
will increase slightly.  That should be enough.

Thanks for the info, guys.

----- Original Message -----
From: "Matti Aarnio" <mea@nic.funet.fi>
To: "Vince Puzzella" <vpuzzella@bluecatnetworks.com>
Cc: <zmailer@nic.funet.fi>
Sent: Saturday, January 11, 2003 4:33 PM
Subject: Re: Forged sender test


> On Sat, Jan 11, 2003 at 03:45:16PM -0500, Vince Puzzella wrote:
> > I see your point and agree totally.  But a forged sender test option
> > is required by my spec.  I didn't come up with it and I don't have
> > the patience, time, and energy to convince the powers that be
> > otherwise :).  I was just wondering if I was missing something
> > and it was possible without any source code changes.
> >
> > Thanks anyway.
>
>   Nothing is worse than semi-clueful specs-writers..
>
>   There are lots of large ISPs which have e.g. their web-mail systems
>   running so that outgoing email comes out from different addresses
>   than where the ingoing email goes.  I picked at random one email:
>
> Received: from smtp018.mail.yahoo.com ([216.136.174.115]:32265 "HELO
>         smtp018.mail.yahoo.com") by vger.kernel.org with SMTP
>
>   Look for  "dig mx yahoo.com"  and observe what addresses appear
>   for the MX target addresses.  None match the one shown above.
>
>   Same story with hotmail.com.
>
>
>   Another situation is users with  .forward,   which resends
>   incoming email to another address without altering origination
>   address.
>
>
>   ZMailer does verify that MAIL FROM address (domain) is routable.
>   I have observed some systems to back-probe outgoing MAIL FROMs
>   with:
>        EHLO something..
>        MAIL FROM:<>
>        RCPT TO:<outgoing@source.address>
>
>   When I raised attention of people who had begun to do that, I raised
>   it because they didn't do any sort of caching of the results, and
>   a high-volume list server got 300+ backtests for each target domain
>   with subscribers...
>
>   The idea itself might make some sense, but of course it falls on its
>   face when backup MX server says "yeah, I will relay to that domain",
>   and possibly even the primary is "fine, I handle that domain", like
>   what default ZMailer smtpservers are doing.
>
>
>   When it comes to spam-blocking, material scanning, and analysis
>   with Bayesian statistics filtering might be most worthwhile.
>
> --
> /Matti Aarnio <mea@nic.funet.fi>
> -
> To unsubscribe from this list: send the line "unsubscribe zmailer" in
> the body of a message to majordomo@nic.funet.fi
>
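
Added example, not part of the original messages and not ZMailer or SpamAssassin code: a sketch of the result caching that the back-probe described in the quoted message lacked, which also treats a 2xx reply as inconclusive because a backup MX or accept-all server answers that way. The probe callable, the addresses and the reply codes are constructed for illustration; a real probe would run the EHLO / MAIL FROM:<> / RCPT TO exchange quoted above.

```python
import time

class CalloutCache:
    """Cache sender back-probe verdicts so each address is probed once per TTL."""

    def __init__(self, probe, ttl=3600.0, clock=time.monotonic):
        self.probe = probe      # hypothetical callable(address) -> RCPT TO reply code
        self.ttl = ttl
        self.clock = clock
        self.entries = {}       # address -> (expiry time, verdict)
        self.probes_sent = 0

    @staticmethod
    def classify(code):
        # A 2xx only shows that some MX (perhaps a backup relay, or a server
        # that accepts every recipient) took the address: weak evidence.
        if 200 <= code < 300:
            return "accepted-inconclusive"
        if 500 <= code < 600:
            return "rejected"
        return "tempfail"

    def check(self, address):
        local, _, domain = address.rpartition("@")
        key = f"{local}@{domain.lower()}"   # domains compare case-insensitively
        now = self.clock()
        hit = self.entries.get(key)
        if hit and hit[0] > now:
            return hit[1]                   # answered from cache, no SMTP traffic
        self.probes_sent += 1
        verdict = self.classify(self.probe(key))
        if verdict != "tempfail":           # do not pin a transient failure
            self.entries[key] = (now + self.ttl, verdict)
        return verdict

def demo():
    # Constructed input: one list-server sender seen on 300 deliveries,
    # plus one sender address the origin domain rejects.
    replies = {"list-owner@lists.example.org": 250, "bogus@example.net": 550}
    cache = CalloutCache(lambda addr: replies.get(addr, 451))
    verdicts = {cache.check("list-owner@LISTS.example.org") for _ in range(300)}
    verdicts.add(cache.check("bogus@example.net"))
    return cache.probes_sent, verdicts

if __name__ == "__main__":
    print(demo())
```

Only the "rejected" verdict carries real signal here; feeding it to the content filter as a small score increase matches the approach described at the top of this message.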
