At Thu, 19 Jul 2018 14:17:55 -0600 Grant Taylor <gtay...@tnetconsulting.net> wrote:
> > > Content-Language: en-US > > On 07/19/2018 11:44 AM, Robert Heller wrote: > > All of which can be spoofed. > > Yes. Just about everything can be spoofed to some degree. It really > depends on what information the owner of the purported sending domain > publishes and what filtering / consumption of said information the > receiving server exercises. > > I personally feel like Mailman, and many other similar things, should > sit behind an external / edge SMTP server that does some of the heavy > lifting and provides detection of and possibly protection against many > spoofs. Yes, of course. > > > Mailman does not make any checks of the "Received:" headers (where the > > bogosity of the other headers can be determined or can flag messages as > > containing possibly spoofed headers). > > I agree that there is some data in the Received: headers that may > indicate a problem. But such information is difficult to consistently / > reliably / accurately extract or parse /without/ false positives. It > can also be difficult to correlate information across headers and > determine what should and should not be allowed. Let's not forget that > it's equally easy to spoof Received: headers as it is to spoof other > headers. }:-) I have found that just "holding" messages from an non-reversed DNS "server" (eg "Received: ... from ... unknown (nnn.nnn.nnn.nnn)"), results in only a small number of false positives. Better a *few* false positives, than tons of spam. Firewalling IP blocks, either with an actual firewall (iptables) or via access control, helps a great deal. > > > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services hel...@deepsoft.com -- Webhosting Services ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
