At 8:31 AM -0500 5/28/01, Dave Martin imposed structure on a stream 
of electrons, yielding:
>Had the following come through--spam, of course--and wondered if SIMS
>shouldn't verify From, Return-Path and Reply-To domains if the "Verify
>Return-Path" option is checked.
>
>>SYSTEM [S.0000505048] S.0000505048 0+1 From:[EMAIL PROTECTED]
>>SYSTEM(POP) [S.0000505048] delivered to (account)
>>SYSTEM [S.0000505049] <AUTOS.0000505048-505049@mydomain> 1+0 From:NULL@NULL
>>SYSTEM [S.0000505048] deleted
>>SMTP-223(hhjjkkkk) Failed to get IP addresses. Error Code=-3170
>>SMTP [S.0000505049] dequeueing
>>SYSTEM(SMTP) [S.0000505049] failed on (hhjjkkkk)jkl. Error Code=-15001
>>SYSTEM Return Receipt failed: headers are too long
>
>In this case, the account that received the spam sends an auto-reply. So
>SIMS verifies and thus accepts the "gcn.net.tw" host in the From field as
>valid, but then tries to SEND the auto-reply to "jkl@hhjjkkkk", which it
>never verified.
>
>Yes, I realize that you can't verify such Reply-To's as NULL@NULL or
>such, but shouldn't SIMS check all response hosts for validity,
>especially if it's going to reply automatically to an unverified one?
>
>Just being able to refuse messages from invalid domains (such as the
>above) would be nice.

SIMS already DOES that. That's what "Verify Return Paths" does.

However the above seems to indicate that the failure was in creating 
and delivering a Return Receipt to "(hhjjkkkk)jkl" which is SIMS's way 
of writing 'jkl@hhjjkkkk'.  That means that the message had a 
"Return-Receipt-To" header with that address. SIMS does NOT check 
headers on incoming mail for anything, it only checks the SMTP 
envelope.  It seems that in this case the envelope return path was 
[EMAIL PROTECTED], and that has a valid domain.

>Or is there something I'm not considering that makes such rejection a bad
>thing?

Rejecting based on headers is not a bad thing so much as it is a 
low-return effort. The headers come in with the message body after 
the DATA command, so you've already wasted your bandwidth by the time 
they can be analyzed. If you then actually reject the mail, there's a 
fair chance of the sending side misunderstanding and attempting to 
resend later (more wasted bandwidth) and there's always the risk of 
whacking messages that you may not want to. The logic of which 
headers to verify and what mix of validity to accept is actually not 
simple, and different sites may want different standards.

-- 
Bill Cole
[EMAIL PROTECTED]
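
Added example (not part of the original message and not SIMS code): a Python check for the gap discussed above, where the envelope return path is verified but an auto-reply or return receipt goes to a header address that never was. The sample message, the `valid.example` addresses, the header list and the purely syntactic domain test are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample of what arrives after the SMTP DATA command.
# Addresses are placeholders; the Return-Receipt-To value mirrors the
# unqualified host seen in the log quoted above.
SAMPLE_DATA = """\
From: sender@valid.example
Reply-To: NULL@NULL
Return-Receipt-To: jkl@hhjjkkkk
Subject: constructed sample

body
"""

# Headers an auto-responder or receipt generator may answer (assumed list).
REPLY_HEADERS = ("From", "Reply-To", "Return-Receipt-To")


def domain_of(addr):
    """Return the lowercased domain of an address, or '' if it has none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def plausible_domain(domain):
    """Syntactic check only: at least two non-empty labels. No DNS lookup."""
    labels = domain.split(".")
    return len(labels) >= 2 and all(labels)


def unverified_reply_targets(envelope_from, data):
    """List (header, address, reason) for header addresses that the
    envelope-level return-path check never covered."""
    verified = domain_of(envelope_from)
    msg = message_from_string(data)
    findings = []
    for name in REPLY_HEADERS:
        for _, addr in getaddresses(msg.get_all(name, [])):
            dom = domain_of(addr)
            if not plausible_domain(dom):
                findings.append((name, addr, "domain not valid in form"))
            elif dom != verified:
                findings.append((name, addr, "domain differs from envelope"))
    return findings


if __name__ == "__main__":
    for finding in unverified_reply_targets("sender@valid.example", SAMPLE_DATA):
        print(finding)
```

A site could hold or suppress automatic replies for any message with findings instead of rejecting the mail itself, which avoids the resend and false-rejection costs described above.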

