Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Spammers just got smarter.

From: Erik Fichtner <techs () obfuscation org>
Date: Thu, 24 Aug 2000 23:48:21 -0400
On Thu, Aug 24, 2000 at 12:57:22PM -0400, Justin Lintz wrote:

The idea of scanning for proxies before accepting mail could lead to
problems for people who have no choice but to use a proxy to send mail.


In theory, this is a problem.

In practice, legitimate users have a smarthost relay.  Every ISP has one.

I've had some experimental code on one of my boxes that only accepts inbound
smtp connections after it's connected back to the sender's a_or_mx [1] via
smtp and started a transaction to deliver the possible bounce.  (it sits for a
second at the choice of "DATA" or "QUIT")  The major principle of this idea
is "If you're going to be able to send ME mail, I need to be able to send
YOU mail too."

This kills off everyone that isn't using a smarthost or isn't running a
working smtp daemon. There's the 1%-ers that have strange setups that get
caught by this, but for most traditional mailer setups, it works.. [2]


I think instead people who are
using wingate as their proxy should configure it correctly and that would
prevent people spamming through them.


I think it's perfectly acceptable for the recipient to do whatever they
feel like to enforce that the sender adheres to their local rules.   If
your local rule is "thou shalt not send mail to me via a proxy", then so
be it.  Either the sender won't send you any mail, or you'll change your
mind about your local rule.



[1] Yes, this is abusable in several really cool ways, and a couple of
not at all cool ways.

[2] "works" being loosely defined as "doing the right thing just so long as
anyone with a clue isn't actively trying to circumvent it, in which case it
doesn't work at all and can actually be worse.  Don't try this at home,
kids."

--
                        Erik Fichtner; Unix Ronin
                    http://www.obfuscation.org/techs/
"The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself.  Therefore, all progress
depends on the unreasonable." -- George Bernard Shaw
Previous By Date Next
Previous By Thread Next

Current thread: