> I asked John, who is the author of the RFC, his opinion. Here is his
> response.

It's an interesting view. I don't entirely agree with it, since it's not
entirely consistent with what the original RFC, 821, seems to suggest.
821, of course, was written in a more innocent time, when spammers didn't
steal resources and everyone on the net helped everyone else a lot more
than they do (or seem to) now.

From my point of view (wearing my ORB UK hat) I am not going to change the
procedures to wait for a 554 on DATA for preliminary re-testing, which is
what this was.

Without revealing my methods, let me explain my methodology, which might
help many people understand why I am so strict when I deal with removals.

When someone sends me a relay report, my system automatically checks if it
is listed already, flagging it if it is, and tests it. I have no input at
that stage. My tester runs 19 different relay tests, including all known
SMTP exploits, and 2 proxy exploits that are now common.

If you fail ANY of those tests (by actual receipt of relay mail) you are
listed.

If you pass OR fail, then you are tested for RFC Compliance by acceptance
of postmaster@domain, postmaster and postmaster@[ip.add.re.ss]. Again, if
any of these fail, even if you pass on Relay, you are listed. This is how
95% of MS Exchange boxes end up listed, BTW.

When you email for removal, I do the work manually. I do a preliminary
retest using abuse.net. IF you fail it, I tell you so, quoting the result.
If you pass, I put your IP into the testing queue, which, when you pass
ALL of the tests, removes your listing, since the 'listed' flag is true.

The exploits tested cover straight Relaying, Disguised relaying,
local.part relaying, UUCP Path, Corrupted path, invalid characters, open
firewall, and open proxy. The exploits affect Sendmail, Exim, Exchange,
Mailtraq and many others. They are well known and documented; I have no
need to repeat them here.

I hope that helps explain why I seem somewhat brusque when people insist
that I am wrong in my manual testing. I am actually trying to help you,
and realise I can't get the shotgun out :-)

It also hasn't helped recently that I've been getting home from Hospital
at a little after 8pm, having been there with my wife for the previous 12
hours every day this week. I've been having very little sleep, and as a
result of both worry, insomnia, and general intolerance for spammers,
I was less than amicable in my attitude. For that I apologise.

It has now been confirmed that my wife is not going to lose our
first child, and that the pregnancy is progressing normally.
Yesterday her appendix was removed...

So, as I am sure you can see, I have been concerned with Reallife (tm)
for the last few days, yet still had to deal with crap from spammers, who
I am successfully blocking, cartoonying me on a daily basis, as well as
ongoing DDoS attacks on my DNS servers.

I know this doesn't excuse blatant rudeness, and I'm not asking for
sympathy, just thought it might help to explain.

--
Dr Paul Cummins - Internet Engineer | /"\ ASCII RIBBON
Tel: 07021 117179 Fax: 07092 105150 + \ / CAMPAIGN
Email: [EMAIL PROTECTED] | X AGAINST HTML MAIL
| / \ AND POSTINGS
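
The postmaster acceptance check described in the message, as an added example that is not part of the original post and is not the author's tester: it audits a mail server you operate for the three recipient forms named above. The function names, the null sender, the `example.org` / `192.0.2.25` values, and treating a 2xx reply to RCPT TO as "acceptance" are assumptions.

```python
import smtplib

def postmaster_forms(domain, ip):
    # The three recipient forms named in the message above.
    return [f"postmaster@{domain}", "postmaster", f"postmaster@[{ip}]"]

def evaluate(replies, domain, ip):
    """replies maps recipient -> SMTP reply code for RCPT TO.
    Returns (compliant, failures). One rejected or untested form fails
    the whole check, matching "if any of these fail ... you are listed".
    Assumption: a 2xx reply at RCPT stage counts as acceptance."""
    failures = {}
    for rcpt in postmaster_forms(domain, ip):
        code = replies.get(rcpt)          # None: form was never answered
        if code is None or not 200 <= code < 300:
            failures[rcpt] = code
    return (not failures, failures)

def probe(host, domain, ip, port=25, helo="audit.example.org", timeout=15):
    """Collect RCPT TO reply codes from a mail server you operate.
    Assumption: the null sender <> is used for each transaction."""
    replies = {}
    with smtplib.SMTP(host, port, timeout=timeout) as smtp:
        if not 200 <= smtp.ehlo(helo)[0] < 300:
            smtp.helo(helo)               # fall back for HELO-only servers
        try:
            for rcpt in postmaster_forms(domain, ip):
                smtp.mail("")             # MAIL FROM:<>
                replies[rcpt] = smtp.rcpt(rcpt)[0]
                smtp.rset()               # no DATA is sent; nothing is delivered
        except smtplib.SMTPServerDisconnected:
            pass                          # unanswered forms count as failures
    return replies

# Constructed sample: accepts the domain form, rejects the other two.
SAMPLE_REPLIES = {
    "postmaster@example.org": 250,
    "postmaster": 501,
    "postmaster@[192.0.2.25]": 550,
}

if __name__ == "__main__":
    ok, failed = evaluate(SAMPLE_REPLIES, "example.org", "192.0.2.25")
    print("compliant" if ok else f"not compliant: {failed}")
```

Against a live server, pass the result of `probe(...)` to `evaluate(...)` with the same domain and IP.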