Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Gmail blacklisted by Full-disclosure

From: "Graham Reed" <greed () pobox com>
Date: Mon, 20 Jun 2005 13:20:56 -0400
Valdis.Kletnieks () vt edu writes: 
Complain to GMail - it's saying that a 'MAIL FROM:<>' is invalid, when
in fact its the *mandatory* way of sending bounce messages. RFC2821, section 6.1:
That may be what the error message from the blacklist claims to say, but that's not what the "evidence" provided on the blacklist's website says: <URL:http://www.rfc-ignorant.org/tools/detail.php?domain=zproxy.gmail.com&su bmitted=1116709803&table=dsn> 
<postmaster () zproxy gmail com>: connect to zproxy.gmail.com[64.233.162.200]:
Connection timed out So, of course MAIL FROM:<> fails. MAIL FROM: <validuser () gmail com> will also fail, as will MAIL FROM: <bogususer () gmail com> or MAIL FROM: invalid syntax. A quick check with good ol' telnet confirms that Connection timed out is, indeed, the problem. So it's not that quick a check.... It is entirely possible that these machines are interior to exterior relays; they are not MX nodes. Trying to deliver to these machines rather than the advertised MX seems just... well, prone to failure at best. There is no requirement I'm aware of that an SMTP sender also be an SMTP receiver. If your MTA accepts the message and then finds out it needs to bounce it, you bounce to the address provided in MAIL FROM:. You no longer care about the HELO/EHLO host, and besides, what username would you use on that host anyway? DNSbls are good, but I'm not sure that DNSbl is well-run, though I do approve of its intent. 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: