AAAARGH! I blame lack of caffeine for allowing myself to fall into the logic
trap both sides set up.

Yes, it appears that BBandT.com is not an open relay.
Yes, it appears that BBandT.com as configured is horribly non-RFC compliant.
Yes, orbz and other RBL services purport to report on open relays.
Yes, they're under no obligation to use any type of standard in determining
whether or not a machine is in fact an open relay, and are under no
obligation to revamp their tests when they turn out to be less than totally
accurate.
Yes, BBandT is under no obligation to run an RFC compliant mail server to
also be considered relay secure.
Yes, both sides of the argument fail to see the forest for the trees.

I think the good Dr. might want to consider a politer tone[1], but one can
understand his response given his self-imposed penance of dealing with
spammers in a manner which doesn't involve anti-personnel mines. 

Most of the RBL "testing procedures" I've run into aren't complete or
accurate. Funny given the current discussion on RFC compliance that my
server fails a relay secure test with at least 1 RBL list while still being
RFC compliant.

Anyway, I think the RBL idea is fundamentally flawed[2] but by the same
token, I understand why some people feel they are necessary.

So... apparently Jim is off to make some modifications on his configuration
and the good doctor will remain secure in his (debatable) opinion that he
was right... and I am off to get more caffeine.

[1] Yes, pot/kettle == black... You can all kiss my ass.
[2] Not for the same lame ass reasons the EEF came up with by any stretch.

Chris
-- 
Chris Scharff
Senior Sales Engineer
MessageOne
If you can't measure, you can't manage! 


> -----Original Message-----
> From: Schwartz, Jim [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, December 04, 2001 7:59 AM
> To: Exchange Discussions
> Subject: ORB UK - cross post - long
> 
> 
> I normally would not cross post this but it does relate to 
> internet mail as a whole and therefore applies to Exchange 
> 5.5 and 2000.
> 
> I had the unfortunate situation recently where a 
> configuration error opened us up to relaying. Once notified 
> that this was the case, I quickly put a stop to it. I then 
> spent the next several hours/days having our address re-tested 
> by the various "blackhole" lists. Most quickly had my systems 
> re-tested and declared that I was no longer a relay. I did 
> run into one that has so far refused to remove me from the 
> list. When I contacted the person responsible for blocking us 
> ([EMAIL PROTECTED]) I got this
> response:
> 
> >Relay test 1
> >>> RSET
> <<< 250 Rset state
> >>> MAIL FROM:<[EMAIL PROTECTED]>
> <<< 250 <[EMAIL PROTECTED]>... Sender ok
> >>> RCPT TO:<[EMAIL PROTECTED]>
> <<< 250 <[EMAIL PROTECTED] Recipient ok
> 
> >Relay test result: host appeared to accept a message for relay.
> 
> >Please don't waste my time with lies. You will not be removed until you
> >pass ALL tests.
> 
> >-- 
> >Dr Paul Cummins - Internet Engineer      |  /"\    ASCII RIBBON
> >Tel: 07021 117179  Fax: 07092 105150     +  \ /      CAMPAIGN
> >Email: [EMAIL PROTECTED]            |   X   AGAINST HTML MAIL
> >                                         |  / \    AND POSTINGS
> 
> I then explained that the mail system would not reject mail 
> until the data command was sent and got this response:
> 
> >No, you have failed the relay test ORB UK applies. If you want to be out
> >of our list, you comply to our testing processes. You are an open relay,
> >Close it, or you stay listed. Rejecting on 'DATA' is not compliant with
> >RFC2822.
> 
> Good Evening
> 
> Now, of course, RFC 2822 says nothing about DATA verb or when 
> to check for validity that I see. I feel that RFC2821 would 
> be of interest when it comes to how to handle a message if 
> you're a SMTP host:
> 
> I won't post the full RFC but just highlight the relevant parts:
> 
> Section 3.7 - If it declines to relay mail to a particular 
> address for policy reasons, a 550 response  SHOULD be 
> returned. However, the message policy can't be checked until 
> the entire message has been accepted since the mail host is 
> not allowed, for any reason, to end the conversation with the 
> exception of timeout.
> 
> Section 4.1.1.3 RECIPIENT (RCPT)
> Of course, since hosts are not required to relay mail at all, 
> xyz.com MAY also reject the message entirely when the RCPT 
> command is received, using a 550 code (since this is a 
> "policy reason").
> 
> 6.1 Reliable Delivery and Replies by Email
>       When the receiver-SMTP accepts a piece of mail (by 
> sending a "250 OK" message in response to DATA), it is 
> accepting responsibility for delivering or relaying the 
> message.  It must take this responsibility seriously.  It 
> MUST NOT lose the message for frivolous reasons, such as 
> because the host later crashes or because of a predictable 
> resource shortage.
> 
> Sorry for the extra long post, but Dr. Cummins has refused to 
> continue the discussion with me and has blocked my mail 
> address. I would like your opinion on this matter on who is correct.

_________________________________________________________________
List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
Archives:               http://www.swynk.com/sitesearch/search.asp
To unsubscribe:         mailto:[EMAIL PROTECTED]
Exchange List admin:    [EMAIL PROTECTED]
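
Added example, not part of the thread or of any RBL's test code: a small transcript classifier showing how a check that stops at RCPT and one that follows the session through DATA can disagree about the same server. The transcripts, addresses and function names are constructed for illustration.

```python
import re

# Constructed transcripts in the ">>>"/"<<<" style of the relay test quoted in
# this thread. Addresses and reply texts are placeholders, not from the thread.
STOPS_AT_RCPT = """\
>>> MAIL FROM:<probe@tester.example>
<<< 250 Sender ok
>>> RCPT TO:<someone@elsewhere.example>
<<< 250 Recipient ok
"""
REFUSED_AT_DATA = STOPS_AT_RCPT + ">>> DATA\n<<< 550 Relaying denied\n"
ACCEPTED = STOPS_AT_RCPT + ">>> DATA\n<<< 354 Send data\n>>> .\n<<< 250 Queued\n"

def parse(transcript):
    """Pair each client command with the final reply code that answers it."""
    pairs, cmd = [], None
    for line in transcript.splitlines():
        line = line.strip()
        if line.startswith(">>>"):
            cmd = line[3:].strip()
        elif line.startswith("<<<") and cmd is not None:
            # "250-..." is a continuation line; only "250 ..." ends a reply.
            m = re.match(r"(\d{3})(?:\s|$)", line[3:].strip())
            if m:
                pairs.append((cmd, int(m.group(1))))
                cmd = None
    return pairs

def classify(transcript):
    """Return (verdict of an RCPT-only test, stage where the server decided)."""
    rcpt_only, stage = "no RCPT accepted", "inconclusive"
    for cmd, code in parse(transcript):
        verb = (cmd.split(":")[0].split() or [""])[0].upper()
        if verb == "RCPT" and 200 <= code < 300:
            rcpt_only = "appeared to accept for relay"
        if code >= 400 and verb in ("MAIL", "RCPT", "DATA", "."):
            stage = "refused at " + ("end of data" if verb == "." else verb)
            break
        if verb == "." and 200 <= code < 300:
            stage = "accepted after end of data"
    return rcpt_only, stage

if __name__ == "__main__":
    for name in ("STOPS_AT_RCPT", "REFUSED_AT_DATA", "ACCEPTED"):
        print(name, classify(globals()[name]))
```

All three transcripts get the same RCPT-only verdict; only the second element of the result separates a server that refuses at DATA from one that takes the message.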