On Wed, Apr 21, 1999 at 02:48:39PM -0500, David W. Tamkin wrote:
> But I'm still puzzled. What do you say in the autoresponse? "You used an
> open relay"? The sender already knows that, so you wouldn't bother saying
> so. "We know you used an open relay and you won't get away with it"? You
> know as well as I do that that won't do any good, so you wouldn't say that.
> What, then, do you say to the sender, and how can you be sure you're getting
> the real sender and not a victim of forged headers or forged envelopes?
I suspect that most users *aren't* aware they are using an open relay. I
imagine it would be more of a warning to the unknowing user that their ISP
was misconfigured and therefore their mail would be rejected at a number
of sites.
While this misconfigured ISP may ignore outside requests to fix the open
relay, their customer is in a better position to get the fix in.
I think it's a good idea, but (as I mentioned on another list) I don't
think that hacking sendmail to accept the mail while also refusing the
mail is a good idea. There are some really broken mail systems out there
that might not accept a 5xx response at that point in the transaction. I
think that Ron's other suggestion of an automatic mailing back to the
addresss (which may be forged, granted) is better.
David
--
David Shaw | [EMAIL PROTECTED] | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
