Double Irony! (was Re: [linux-elitists] ruben's stupid filter)

Dan Wilder dan@ssc.com
Sun Mar 24 23:04:01 PST 2002


On Sun, Mar 24, 2002 at 09:42:26PM -0800, Marc MERLIN wrote:
> On Sun, Mar 24, 2002 at 01:41:30PM -0800, Dan Wilder wrote:
> > I'm playing with automating the idea of SMTP blacklisting mail from those 
> > who refuse bounces from our mailer-daemon.  Have been doing something
> That's easy, I already have this on sourceforge.net, it's completely
> automated with SMTP callbacks:

[ In which Marc verifies a bad envelope-sender and replies with 550 ]

I was thinking more about collecting statistics on hosts that
are chronic refusers, over time, of our mailer-daemon bounces.
Probably further restricted by looking only for bounces of email
from spambait addresses.  And then probably adding an approval step 
to the resulting blacklist entry.

I'm also at this point targeting more envelope-from hosts who give
us a chronic "connection refused" than those who respond with a 550
to some contact.  

> > This catches, for example, hotmail, which refuses bounces, but which also
> 
> That's not true.

[ In which hotmail accepts a bounce from Marc ]

I see that the several mailer-daemon messages to hotmail I had
stuck in my outgoing queue for a few days week before last are gone now. 
Without replacement.  They must have started accepting connections.  
Or nobody's sending us gobs of spam this week with forged envelope-from 
hotmail.

> > Unfortunately the RFCs appear to prohibit validating the actual
> > sending host against DNS and then declining mail based on that
> > validation.  That'd catch a large part of the spam that comes in.
>
> I don't  see which  RFC forbids one,  and even  if there were  to be  one, I
> wouldn't care and do SMTP callbacks anyway.

Forgive me, I wasn't explicit.  Verifying HELO host.
RFC1123 says "MUST NOT" about refusing of mail after 
HELO host fails to verify.  More's the pity.

> > Aside from RFC considerations, this is not feasible on pragmatic 
> > grounds: way too many legitimate hosts with broken DNS.
> 
> Do you mean forward and reverse on  the calling host? Yeah, I don't do that,
> because it probably catches as much legitimate mail as it catches spam.

Only forward.  Reverse is a lost cause.  Too many ISPs refuse their
customers a valid reverse record. 

-- 
-----------------------------------------------------------------
 Dan Wilder <dan@ssc.com>   Technical Manager & Editor
 SSC, Inc. P.O. Box 55549   Phone:  206-782-8808
 Seattle, WA  98155-0549    URL http://embedded.linuxjournal.com/
-----------------------------------------------------------------
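
The bookkeeping discussed in the message above (counting envelope-from hosts that chronically refuse mailer-daemon bounces, restricted to bounces triggered by spambait addresses, with an approval step before anything is blacklisted), as an added example that is not part of the original message or of either poster's setup. The log format, addresses, host names, thresholds and function names are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date

# Constructed sample (assumed format): date, envelope-from host the bounce was
# sent to, local address the original mail targeted, outcome of the attempt.
SAMPLE_LOG = """\
2002-03-10 mail.example.net bait1@example.org connection-refused
2002-03-12 mail.example.net bait2@example.org connection-refused
2002-03-15 mail.example.net bait1@example.org connection-refused
2002-03-11 mx.example.com bait1@example.org 550
2002-03-11 smtp.example.edu staff@example.org connection-refused
2002-03-13 smtp.example.edu staff@example.org connection-refused
2002-03-14 smtp.example.edu staff@example.org connection-refused
2002-03-12 mx2.example.info bait2@example.org connection-refused
2002-03-12 mx2.example.info bait2@example.org connection-refused
2002-03-16 mx2.example.info bait1@example.org delivered
"""

SPAMBAIT = {"bait1@example.org", "bait2@example.org"}  # assumed bait addresses
REFUSALS = {"connection-refused"}  # a 550 reply is deliberately not counted

def parse(log):
    for line in log.splitlines():
        if line.strip():
            day, host, rcpt, outcome = line.split()
            yield date.fromisoformat(day), host.lower(), rcpt.lower(), outcome

def chronic_refusers(log, min_days=3, min_span_days=3):
    """Hosts refusing spambait-triggered bounces on several distinct days."""
    refused_days = defaultdict(set)
    accepted = set()  # hosts that took at least one bounce are never listed
    for day, host, rcpt, outcome in parse(log):
        if rcpt not in SPAMBAIT:
            continue  # only bounces caused by mail to bait addresses count
        if outcome in REFUSALS:
            refused_days[host].add(day)  # same-day retries count once
        elif outcome == "delivered":
            accepted.add(host)
    return {
        host: sorted(days)
        for host, days in refused_days.items()
        if host not in accepted and len(days) >= min_days
        and (max(days) - min(days)).days >= min_span_days
    }

def build_blacklist(candidates, approved):
    """Approval step: a candidate is listed only after a human signs off."""
    return sorted(host for host in candidates if host in approved)
```

Counting distinct days rather than raw attempts keeps a single outage with many queue retries from looking like chronic refusal.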


