Security Incidents mailing list archives
Re: Run a mail host with a public MX record? Seeing large numbers of bounces?
From: "Sean Hunter" <sean () uncarved com>
Date: Sat, 15 Sep 2001 12:32:31 +0100
As many people have pointed out to me, I misunderstood the initial posting. The fix that I use is to disallow connections from known spammers. You can use any one of a number of public lists for this. I fine-tune them by addding white and blacklists of my own. If they can't connect, they cant spam you or use you for spam. Sean On Fri, Sep 14, 2001 at 10:19:51AM +0100, Sean Hunter wrote:
RFC822 is _very_ out of date, and any MTA that strictly implements it is a very poor choice for today's internet. I suggest that you look at RFC2822 and other internet resources. A secure mail box will not relay spam in this way. Consider changing to a secure MTA such as qmail on a secure OS. Sean On Fri, Sep 14, 2001 at 12:29:09PM +1000, Andrew van der Stock wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi there, We are detecting a large number of messages that absolutely RFC822 compliant, but are causing our victim hosts to be delivering spam via the use of a certain header (I do not want to divulge everything just yet as it's absolutely RFC compliant and heavily used by legitimate mail list software. If more spam program writers know about this, we will not be able to stop the spam.) The victim hosts are relay-resistant. The scenario is this: SpamInjector talks with the victim mail host. The victim mail host will accept the mail, but there's a problem. The response from the victim box causes spam to the spam recipient, but of course the victim host's fingerprints are all over it. Anyone else seeing this? We've been tossing around mechanisms to stop it, but all the alternatives break compliance with the RFC, and will certainly cause mail lists to be far less useful. thanks, Andrew van der Stock, MCSE, Senior Security Architect, e-Secure Pty Ltd "Secure in a Networked World" Phone: (03) 9699 7088 Fax: (03) 9699 7066 Suite 302, 370 St Kilda Rd Mobile: 0412 532 963 Melbourne Victoria Australia Email: ajv () e-secure com au ACN 068 798 194 http://www.e-secure.com.au -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBO6FrdXMQPsd9dowGEQIB2gCg+Wevw9mV1JTGaNInQIqfvTD5OuEAn2pp h60edzNeC6C8trqmVa6CUQUu =IJwX -----END PGP SIGNATURE----- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Attachment:
_bin
Description:
Current thread:
- Run a mail host with a public MX record? Seeing large numbers of bounces? Andrew van der Stock (Sep 13)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Richie B . (Sep 14)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Sean Hunter (Sep 14)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Sean Hunter (Sep 15)
- Workaround for (RE: Run a mail host with a public MX record? Seeing large numbers of bounces?) Andrew van der Stock (Sep 16)
- Re: Run a mail host with a public MX record? Seeing large numbers of bounces? Sean Hunter (Sep 15)