Firewall Wizards mailing list archives

Re: Re: regarding spam...


From: Andrew Fremantle <skyhawk () skyhawk ca>
Date: Tue, 02 Apr 2002 11:03:05 PST

Hmmm... This may be a stupid idea, and I expect it to get shot down, but....
DISCLAIMER : I have not done any research on this, I'm just shooting from the hip...

Why doesn't someone make a mailserver that accepts an incoming connection, and on getting the RCPT TO:localuser then 
makes a connection to the remote machine on port 25, and if a connection is accepted try to deliver a message to the 
localuser. Let me diagram that to make it a bit more clear :

If receiving mail from an SMTP server :
my.mailserver.com receives an incoming connection from their.server.dom - Perfectly normal

  their.server.dom says RCPT TO:user () mailserver com - Destined for local user

    my.mailserver.com attempts to open a connection to their.server.dom - Let's test....

      - If connection fails, it's not an inbound SMTP server, deliver the original mail

      - If successful my.mailserver.com says RCPT TO:user () mailserver com - This should DEFINITELY fail. If my server can relay off it, anyone can, and it needs to be fixed.

        - If successful, bounce the email with a note about open relays

        - If unsuccessful, close the connection and deliver the email

Obviously, there's potential looping concerns, and sites would have to be configured not to interrogate other SMTP 
servers that they trust and are supposed to allow relaying for that domain. Performance issues could potentially be 
reduced by (temporarily? permanently?) caching test results. This is what existing blacklists do, I think, but it is 
not vulnerable to the legal pressures they always seem to fall under. I feel this would at least tag the most obnoxious 
of open relays. Additionally, legitimate users will get a notice stating their message was not delivered due to 
technical issues they should raise with their ISP (Namely, getting them to fix their mailserver). Care should be taken 
to do this for all email addresses at your domain, not only addresses the server will accept, because otherwise you 
could leak information about which email addresses are valid. 

If you're dealing with an outbound only mailserver that has port 25 inbound filtered, my.mailserver.com will not get a 
reply, and will spend some time (what is the timeout on TCP connections, anyways? 60 seconds or so?) in a locked up 
state.

Note that this is a purely technical solution, which would reduce, not eliminate spam. As far as I can tell, what I have 
proposed would result in no legitimate messages being dropped (Those that are would receive a notification), and allow 
for local blacklisting of open relays.

Sorry for rambling on...
Andrew Fremantle
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
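
The decision flow proposed in the message above, written out as an added example (not code from the original post or from any mail server). The trusted-host list, the one-hour cache lifetime, the 10-second timeout, the postmaster sender address and the `.example` host names are assumptions.

```python
import smtplib
import time

TRUSTED = {"relay.partner.example"}  # assumption: peers we never interrogate
CACHE_TTL = 3600                     # assumption: cache verdicts for one hour
_cache = {}                          # host -> (verdict, expiry timestamp)

def smtp_probe(host, rcpt, timeout=10):
    """Connect back to the sending host on port 25 and offer it RCPT TO for
    our own user. Returns 'no_listener', 'relay_refused' or 'relay_accepted'."""
    try:
        # The timeout bounds the stall when inbound port 25 is filtered.
        with smtplib.SMTP(host, 25, timeout=timeout) as s:
            s.helo("my.mailserver.com")
            s.mail("postmaster@my.mailserver.com")
            code, _ = s.rcpt(rcpt)   # envelope only; no DATA is ever sent
            s.rset()
    except OSError:                  # refused, timed out, or SMTP-level failure
        return "no_listener"
    return "relay_accepted" if 200 <= code < 300 else "relay_refused"

def decide(sender_host, rcpt, probe=smtp_probe, now=time.time):
    """Return 'deliver' or 'bounce' for a message arriving from sender_host.
    Run this before checking whether rcpt exists locally, so valid and
    invalid addresses are treated the same and no address list leaks."""
    if sender_host in TRUSTED:       # also prevents two such servers looping
        return "deliver"
    hit = _cache.get(sender_host)
    if hit and hit[1] > now():
        verdict = hit[0]             # reuse an unexpired earlier test result
    else:
        verdict = probe(sender_host, rcpt)
        _cache[sender_host] = (verdict, now() + CACHE_TTL)
    # Only a host that accepted the relay attempt gets its mail bounced.
    return "bounce" if verdict == "relay_accepted" else "deliver"
```

Passing a stand-in for `probe` lets the decision logic be exercised without making any network connection.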