From: Greg A. Woods (no email)
Date: Thu Nov 01 2001 - 14:43:59 EST
[ On Thursday, November 1, 2001 at 13:01:24 (-0500), Wietse Venema wrote: ]
> Subject: Re: another interesting spam trick...
>
> I believe in a layered approach.
Of course -- and there are already many other layers to use here, all
the way from further SMTP parameter validations and access lists, right
down into scanning the bodies of the messages, and so on.
> Requiring that the HELO parameter is in the same domain as the
> client hostname is good enough.
This is an ad hoc, meaningless, useless check and is completely outside
the scope of the requirements placed upon the SMTP client, especially
until you define "domain". It also requires that there be valid reverse
DNS for the client's source address (at least if the proper validation
fails and you have to fall back on this ad hoc check). Furthermore you
have to be VERY careful in how you write that definition lest you leave
the entire problem unsolved. Worse yet if you define "domain" in the
only obvious way (everything past the first ".") then you're still going
to block between 10% and 20% of all clients and maybe as many as 10% of
valid, non-spamming, clients -- you leave your perceived problem unsolved.
No amount of trimming has any ultimate benefit -- you will only make
things more complex and more difficult and leave your new rules
completely outside the current RFCs. You either have to decide to block
the 10% of borked clients and thus encourage them to fix their
configurations, or give up entirely and just allow any (perhaps
syntactically correct) greeting name. There is no useful in-between.
> Other restrictions will still
> be needed anyway. They can stop the remainder of the junk mail.
Once we eliminate (or block) all open relays then other restrictions can
do the real work.... However I suspect SMTP parameter validation (not
just HELO) will continue to be a useful front-line defense for a long
time to come.
-- 
Greg A. Woods
+1 416 218-0098  VE3TCP  Planix, Inc.; Secrets of the Weird
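
The ad hoc check debated in this thread, with "domain" defined as everything past the first ".", sketched as an added example (not part of the original message and not Postfix code). The function names, verdict labels and sample hostnames are constructed for illustration.

```python
def naive_domain(name):
    """Return everything past the first '.', or '' when there is no dot."""
    _, sep, rest = name.rstrip(".").lower().partition(".")
    return rest if sep else ""


def helo_same_domain(helo, client_hostname):
    """Classify one connection under the ad hoc 'same domain' rule.

    client_hostname is the reverse-DNS name of the client address,
    or None when no PTR record exists.
    """
    if client_hostname is None:
        return "no-rdns"          # rule cannot be evaluated at all
    helo_dom = naive_domain(helo)
    client_dom = naive_domain(client_hostname)
    if not helo_dom or not client_dom:
        return "unqualified"      # e.g. HELO localhost
    return "match" if helo_dom == client_dom else "mismatch"


# Constructed samples: (HELO argument, reverse-DNS name of client).
SAMPLES = [
    ("mx1.example.com", "out7.example.com"),      # same site
    ("example.com", "mail.example.com"),          # bare-domain HELO
    ("mail.example.com", "mail.eu.example.com"),  # deeper client name
    ("hosta.test", "hostb.test"),                 # two-label names
    ("localhost", "mail.example.com"),
    ("mail.example.com", None),
]


def classify_samples():
    """Apply the rule to every constructed sample, in order."""
    return [helo_same_domain(h, c) for h, c in SAMPLES]


if __name__ == "__main__":
    for (helo, client), verdict in zip(SAMPLES, classify_samples()):
        print(f"HELO {helo:<18} client={client!s:<22} {verdict}")
```

The second and third samples are names from one site that the rule rejects, and the fourth shows two-label names being compared on the top-level label alone.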