Re: Run a mail host with a public MX record? Seeing large numbers of bounces?

From: Sean Hunter (seanat_private)
Date: Fri Sep 14 2001 - 02:19:51 PDT

Next message: Ryan Hill: "RE: Possible new trojan?"

Previous message: Richie B.: "Re: Run a mail host with a public MX record? Seeing large numbers of bounces?"
In reply to: Andrew van der Stock: "Run a mail host with a public MX record? Seeing large numbers of bounces?"
Next in thread: Sean Hunter: "Re: Run a mail host with a public MX record? Seeing large numbers of bounces?"
Reply: Sean Hunter: "Re: Run a mail host with a public MX record? Seeing large numbers of bounces?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

RFC822 is _very_ out of date, and any MTA that strictly implements it is a very
poor choice for today's internet.  I suggest that you look at RFC2822 and other
internet resources.

A secure mail box will not relay spam in this way.  Consider changing to a
secure MTA such as qmail on a secure OS.

Sean

On Fri, Sep 14, 2001 at 12:29:09PM +1000, Andrew van der Stock wrote:
> 
>  
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi there,
> 
> We are detecting a large number of messages that absolutely RFC822
> compliant, but are causing our victim hosts to be delivering spam via
> the use of a certain header (I do not want to divulge everything just
> yet as it's absolutely RFC compliant and heavily used by legitimate
> mail list software. If more spam program writers know about this, we
> will not be able to stop the spam.)
> 
> The victim hosts are relay-resistant.
> 
> The scenario is this: SpamInjector talks with the victim mail host.
> The victim mail host will accept the mail, but there's a problem. The
> response from the victim box causes spam to the spam recipient, but
> of course the victim host's fingerprints are all over it.
> 
> Anyone else seeing this? We've been tossing around mechanisms to stop
> it, but all the alternatives break compliance with the RFC, and will
> certainly cause mail lists to be far less useful. 
> 
> thanks,
> 
> Andrew van der Stock, MCSE, Senior Security Architect, e-Secure Pty
> Ltd
> "Secure in a Networked World"     Phone:  (03) 9699 7088 Fax: (03)
> 9699 7066
> Suite 302, 370 St Kilda Rd        Mobile: 0412 532 963
> Melbourne Victoria Australia      Email:  ajv@e-secure.com.au
> ACN 068 798 194                   http://www.e-secure.com.au 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
> 
> iQA/AwUBO6FrdXMQPsd9dowGEQIB2gCg+Wevw9mV1JTGaNInQIqfvTD5OuEAn2pp
> h60edzNeC6C8trqmVa6CUQUu
> =IJwX
> -----END PGP SIGNATURE-----
> 
> 
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management 
> and tracking system please see: http://aris.securityfocus.com
>

application/pgp-signature attachment: stored

Next message: Ryan Hill: "RE: Possible new trojan?"
Previous message: Richie B.: "Re: Run a mail host with a public MX record? Seeing large numbers of bounces?"
In reply to: Andrew van der Stock: "Run a mail host with a public MX record? Seeing large numbers of bounces?"
Next in thread: Sean Hunter: "Re: Run a mail host with a public MX record? Seeing large numbers of bounces?"
Reply: Sean Hunter: "Re: Run a mail host with a public MX record? Seeing large numbers of bounces?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Sep 14 2001 - 08:42:03 PDT