I'm confused. It seems to me that the tests being run still do not definitively test for the success of a relay. So, if I have a nice tricky mailer that simply routes the stuff to /dev/null after the DATA completion, I'll get listed. [1] That, to be frank, is absurd.
It is completely my choice whether to accept the spam content before sending it to /dev/null. In fact, I would arguably be doing the community a service by doing so because it would tie up the resources of the spammer by requiring all the data to be sent before either a) the sender is released to send its next message and/or b) the failure is noted.[2] I'll contribute my bandwidth to the cause of slowing down the spammers. Consider it charity. [3] In the more innocent world of RFC 821, I should behave a certain way once I "accept responsibility" for the delivery of a message. This is no longer that world. Just as in the case where I accept a virus (no error at the end of the DATA stream) and then send it to /dev/null when I determine the message to be "of no business use," I can determine that a message accepted by the server is "of no business use" based on my internal policies and send it to the bit bucket. There's no open relay here. I guess the problem I have with the description below is that the criteria isn't "delivery of relay mail," but rather "receipt of relay mail." But perhaps I'm confused about the difference between a perfect world and one that functions adequately. And if you're reading this, Paul, best to your wife. cheers, Andy [1] No, Paul, this is not an invitation to add me to your draconian list. [2] Depends on whether I want to just toss to /dev/null or say "Thanks, I've tossed this to /dev/null." [3] This is just a viewpoint, no actual bandwidth was harmed in the telling of this story. ======================================================= Andy Webb [EMAIL PROTECTED] www.swinc.com Simpler-Webb, Inc. Austin, TX 512-322-0071 -- Eating XXX Chili at Texas Chili Parlor since 1989 -- ======================================================= -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 06, 2001 4:36 PM To: Exchange Discussions Cc: [EMAIL PROTECTED] Subject: Re: RFC2821 - For those who were following the ORB UK thread. > I asked John, who is the author of the RFC his opinion. Here is his > response. It's an interesting view. I don't entirely agree with it, since it's not entirely consistent with what the original RFC, 821, seems to suggest. 821, of course, was written in a more innocent time, when spammers didn't steal resources and everyone on the net helped everyone else a lot more than they do (or seem to) now. >From my point of view (wearing my ORB UK hat) I am not going to change the procedures to wait for a 554 on DATA for preliminary re-testing, which is what this was. Without revealing my methods, let me explain my methodology, which might help many people understand why I am so strict when I deal with removals. When someone sends me a relay report, my system automatically checks if it is listed already, flagging it if it is, and tests it. I have no input at that stage. My tester runs 19 different relay tests, including all known SMTP exploits, and 2 proxy exploits that are now common. If you fail ANY of those tests (by actual receipt of relay mail) you are listed. If you pass OR fail, Then you are tested for RFC Compliance by acceptance of postmaster@domain, postmaster and postmaster@[ip.add.re.ss]. Again, if any of these fail, even if you pass on Relay, you are listed. This is how 95% of MS Exchange boxes end up listed, BTW. When you email for removal, I do the work manually. I do a preliminary retest using abuse.net. IF you fail it, I tell you so, quoting the result. If you pass, I put your IP into the testing queue, which, when you pass ALL of the tests, removes your listing, since the 'listed' flag is true. The exploits tested cover straight Relaying, Disguised relaying, local.part relaying, UUCP Path, Corrupted path, invalid characters, open firewall, and open proxy. The exploits affect Sendmail, Exim, Exchange, Mailtraq and many others. They are well known and documented, I have no need to repeat them here. I hope that helps explain why I seem somewhat brusque when people insist that I am wrong in my manual testing. I am actually trying to help you, and realise I can't get the shotgun out :-) It also hasn;t helped recently that I've been getting home from Hospital at a little after 8pm, having been there with my wife for the previous 12 hours every day this week. I've been having very little sleep, and as a result of both worry, insomnia, and general intolerance for spammers, I was less than amicable in my attitude. For that I apologise. It has now been confirmed that my wife is not going to lose our first child, and that the pregnancy is progressing normally. Yesterday her appendix was removed... So, as I'm am sure you can see, I have been concerned with Reallife (tm) for the last few days, yet still had to deal with crap from spammers, who I am successfully blocking, cartoonying me on a daily basis, as well as ongoing dDOS attacks on my DNS servers. I know this doesn't excuse blatant rudeness, and I'm not asking for sympathy, just thought it might help to explain. -- Dr Paul Cummins - Internet Engineer | /"\ ASCII RIBBON Tel: 07021 117179 Fax: 07092 105150 + \ / CAMPAIGN Email: [EMAIL PROTECTED] | X AGAINST HTML MAIL | / \ AND POSTINGS _________________________________________________________________ List posting FAQ: http://www.swinc.com/resource/exch_faq.htm Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe: mailto:[EMAIL PROTECTED] Exchange List admin: [EMAIL PROTECTED]
