On Sat, 28 Mar 2009 00:50:21 -0500, Matthew Weigel wrote:

>Rod Whitworth wrote:
>
>>>> Anybody run into this kind of logic before?
>>> Yes, that's part of how greytrapping works: 
>>> http://www.openbsd.org/cgi-bin/man.cgi?query=spamd#GREYTRAPPING
>> 
>> No. That is NOT how greytrapping works. RTFM more carefully.
>> 
>> spamd NEVER issues a 2xx code, because it NEVER accepts any mail.
>
>I did RTFM carefully.  I don't see anything in the spamd manpage that
>indicates one way or another what response is sent in the specific case of
>greytrapping. 

* see below at ***

> So I assumed it did, because that's the way I've seen other
>greytrapping systems whose code I've read worked.  Perhaps you can point out
>my mistake.
>
>But your comment got me curious, so I poked at the source, and it looks like
>it never lets the sender get far enough in the DATA to be done before issuing
>a 450/550 (per -4/-5); it only issues 2xx codes (and it's not "NEVER") to
>string the connection along.

Well I thought you would have realised that you need to send 2xx in
response to HELO/EHLO, MAIL FROM: and RCPT TO: commands to gather the
data. They are not the codes logged by the OP, and that is what I meant
when I spoke about not issuing a 250. I did say "spamd NEVER issues a
2xx code, because it NEVER accepts any mail." meaning that the OP would
not have a 250 in his logs if he was greytrapped.

A 5xx code will abort the process whenever it is issued and
greytrapping needs to string the client MTA along until (usually) the
sender aborts the transaction or has terminated the DATA phase (a dot
on an otherwise empty line) when a 450 will be sent.

Note that greytrapping is only really effective using 450 (to waste
more of the spammer's time) and the manpage says:
***
"GREYTRAPPING
     When running spamd in default mode, it may be useful to define spamtrap
     destination addresses to catch spammers as they send mail from greylisted
     hosts. ........."
Notice the "default mode" up there? -4 is the default, as the manpage
says:
" -4      For blacklisted entries, return error code 450 to the spammer
             (default)."

Those are the bits you missed. Speed reading has its downside.
>
>>> I've seen other implementations do greytrapping for *every* invalid 
>>> address that comes through, too.
>> 
>> And that's a great way to blacklist a genuine sender who misheard an
>> email address and so misspelled it. S/he will never get a 5xx that
>> flags the problem.
>
>John Brooks asked if anyone had run into this before.  Yes, I have.  Hell, I'm
>pretty sure this approach has been presented at LISA before.


*** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thank you.

Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device
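
Added example, not part of the original message and not spamd's code: the thread turns on the difference between 2xx replies to HELO, MAIL FROM and RCPT TO and a 2xx reply to the end-of-data dot, so this sketch classifies an SMTP transcript by the reply that actually decides the message's fate. The `C: `/`S: ` transcript format, the function name and the sample dialogs are assumptions constructed for illustration.

```python
import re

REPLY = re.compile(r"^(\d{3})([ -])")  # "250 text" ends a reply, "250-text" continues it
STAGES = {"HELO": "helo", "EHLO": "helo", "MAIL": "mail", "RCPT": "rcpt", "DATA": "data"}

def classify_session(lines):
    """Classify a transcript of 'C: ...' / 'S: ...' lines by its decisive reply."""
    stage, in_body, codes = "connect", False, []
    for raw in lines:
        side, _, text = raw.rstrip("\r\n").partition(": ")
        if side == "C" and in_body:
            # Message content: only a lone "." ends the DATA phase.
            if text == ".":
                in_body, stage = False, "end-of-data"
        elif side == "C":
            verb = text.split(" ", 1)[0].upper()
            stage = STAGES.get(verb, verb.lower())
        elif side == "S":
            m = REPLY.match(text)
            if m is None or m.group(2) == "-":
                continue  # not a reply line, or a multi-line continuation
            code = int(m.group(1))
            codes.append((stage, code))
            # Only a 354 to DATA opens the body; any other reply closes it.
            in_body = stage == "data" and code == 354
    # Mail is accepted only by a 2xx reply to the end-of-data dot.
    if any(s == "end-of-data" and 200 <= c < 300 for s, c in codes):
        return "accepted", codes
    for s, c in codes:
        if c >= 400:  # simplification: the first 4xx/5xx decides the session
            return ("tempfail@" if c < 500 else "rejected@") + s, codes
    return "incomplete", codes

# Constructed transcripts (not from the thread): same dialog, different last reply.
_DIALOG = ["S: 220 mx.example.test ESMTP", "C: HELO sender.example.test", "S: 250 Hello",
           "C: MAIL FROM:<a@sender.example.test>", "S: 250 OK",
           "C: RCPT TO:<trap@example.test>", "S: 250 OK", "C: DATA", "S: 354 Go ahead",
           "C: Subject: test", "C: constructed body", "C: ."]
STRUNG_ALONG = _DIALOG + ["S: 450 Temporary failure"]
DELIVERED = _DIALOG + ["S: 250 Queued"]

if __name__ == "__main__":
    for name, t in (("strung along", STRUNG_ALONG), ("delivered", DELIVERED)):
        print(name, "->", classify_session(t)[0])
```

Both sample sessions contain three 250 replies before DATA; only the reply after the dot separates a tempfailed message from a delivered one.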
