Firewall Wizards mailing list archives
Re: Re: regarding spam...
From: Andrew Fremantle <skyhawk () skyhawk ca>
Date: Tue, 02 Apr 2002 11:03:05 PST
Hmmm... This may be a stupid idea, and I expect it to get shot down, but....

DISCLAIMER: I have not done any research on this, I'm just shooting from the hip...

Why doesn't someone make a mailserver that accepts an incoming connection, and on getting the RCPT TO:localuser then makes a connection to the remote machine on port 25, and if a connection is accepted try to deliver a message to the localuser. Let me diagram that to make it a bit more clear:

If receiving mail from an SMTP server:

- my.mailserver.com receives an incoming connection from their.server.dom - Perfectly normal
- their.server.dom says RCPT TO:user () mailserver com - Destined for local user
- my.mailserver.com attempts to open a connection to their.server.dom - Let's test....
  - If connection fails, it's not an inbound SMTP server, deliver the original mail
  - If successful, my.mailserver.com says RCPT TO:user () mailserver com - This should DEFINITELY fail. If my server can relay off it, anyone can, and it needs to be fixed.
    - If successful, bounce the email with a note about open relays
    - If unsuccessful, close the connection and deliver the email

Obviously, there are potential looping concerns, and sites would have to be configured not to interrogate other SMTP servers that they trust and are supposed to allow relaying for that domain. Performance issues could potentially be reduced by (temporarily? permanently?) caching test results.

This is what existing blacklists do, I think, but it is not vulnerable to the legal pressures they always seem to fall under. I feel this would at least tag the most obnoxious of open relays. Additionally, legitimate users will get a notice stating their message was not delivered due to technical issues they should raise with their ISP (namely, getting them to fix their mailserver).

Care should be taken to do this for all email addresses at your domain, not only addresses the server will accept, because otherwise you could leak information about which email addresses are valid.

If you're dealing with an outbound-only mailserver that has port 25 inbound filtered, my.mailserver.com will not get a reply, and will spend some time (what is the timeout on TCP connections, anyways? 60 seconds or so?) in a locked-up state.

Note that this is a purely technical solution, which would reduce, not eliminate, spam. As far as I can tell, what I have proposed would result in no legitimate messages being dropped (those that are would receive a notification), and allow for local blacklisting of open relays.

Sorry for rambling on...

Andrew Fremantle

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
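The call-back check described in the post above, as an added offline simulation that is not the author's code: the remote SMTP server is a fake object rather than a socket, and the hostnames, the null-sender probe envelope, the probe cache, and the trusted-relay list are assumptions. It also carries the post's two caveats, skipping trusted relays (no loops) and probing before the mailbox lookup (no leak of valid addresses).

```python
LOCAL_DOMAIN = "mailserver.example"        # constructed placeholder names
LOCAL_USERS = {"user"}                     # mailboxes my.mailserver.com accepts
TRUSTED_RELAYS = {"mx.partner.example"}    # allowed to relay for us: never probed (no loops)

class FakeRemoteSmtp:
    """Stand-in for their.server.dom: models HELO/MAIL/RCPT/QUIT replies, no sockets."""
    def __init__(self, listening=True, open_relay=False):
        self.listening, self.open_relay = listening, open_relay
        self.transcript = []               # (client line, server reply) pairs

    def connect(self):
        if not self.listening:             # outbound-only box with port 25 filtered
            raise TimeoutError("connect timed out")

    def send(self, line):
        verb = line.split(":", 1)[0].split(" ", 1)[0].upper()
        if verb == "RCPT":                 # a correct server refuses RCPT for domains it does not serve
            reply = 250 if self.open_relay else 550
        else:
            reply = 221 if verb == "QUIT" else 250
        self.transcript.append((line, reply))
        return reply

def probe_relay(host, remote, cache):
    """Return 'trusted', 'no-smtp', 'open' or 'closed' for the host that just sent us mail."""
    if host in TRUSTED_RELAYS:
        return "trusted"
    if host not in cache:                  # cached verdicts limit the cost of repeat probes
        try:
            remote.connect()
        except (ConnectionRefusedError, TimeoutError):
            cache[host] = "no-smtp"
        else:
            remote.send(f"HELO {LOCAL_DOMAIN}")
            remote.send("MAIL FROM:<>")    # null sender, so the probe itself cannot cause backscatter
            # Ask it to relay to a domain it does not serve, exactly what it just asked us to do.
            accepted = remote.send(f"RCPT TO:<probe@{LOCAL_DOMAIN}>") == 250
            remote.send("QUIT")
            cache[host] = "open" if accepted else "closed"
    return cache[host]

def handle_rcpt(sending_host, remote, local_part, cache):
    """What my.mailserver.com does with RCPT TO:<local_part@LOCAL_DOMAIN>."""
    verdict = probe_relay(sending_host, remote, cache)  # probe before the mailbox lookup: no address leak
    if verdict == "open":
        return "bounce: sending host is an open relay, ask your ISP to fix it"
    if local_part not in LOCAL_USERS:
        return "reject: no such user"
    return "deliver"
```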