"Russell P. Sutherland" <[EMAIL PROTECTED]> wrote:
>According to the www.orbs.org battery of tests,
>the qmail smtp daemon "fails" in the case:
>
> MAIL FROM:<[EMAIL PROTECTED]>
> RCPT TO:<victim%target@{relay}>
>
> {relay} is tested as both [IP.address] and reverse.DNS.name.
>
> Heavily exploited by spammers and mailbombers.
> Most Lotus Notes/Domino installations fail this. Recently fixed - see
>
>[ See: http://www.orbs.org/envelopes.cgi for this reference.
> Test out your qmail daemon using the http://maps.vix.com/tsi/ar-test.html
> engine.]
>
>This being the case, how does one _prevent_ a mail server which
>is running qmail to be _not_ included in the orbs database?
Sigh. It's getting to the point that anti-spam tactics and propaganda
are consuming more resources than spam.
qmail will only allow hosts listed in control/percenthack to
successfully relay using %-style addresses. If ORBS is taking
qmail-smtpd's failure to immediately reject such addresses as
confirmation that the message will be relayed, it's wrong.
-Dave
