RFC822 is _very_ out of date, and any MTA that strictly implements it is a very poor choice for today's internet. I suggest that you look at RFC2822 and other internet resources. A secure mail box will not relay spam in this way. Consider changing to a secure MTA such as qmail on a secure OS. Sean On Fri, Sep 14, 2001 at 12:29:09PM +1000, Andrew van der Stock wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi there, > > We are detecting a large number of messages that absolutely RFC822 > compliant, but are causing our victim hosts to be delivering spam via > the use of a certain header (I do not want to divulge everything just > yet as it's absolutely RFC compliant and heavily used by legitimate > mail list software. If more spam program writers know about this, we > will not be able to stop the spam.) > > The victim hosts are relay-resistant. > > The scenario is this: SpamInjector talks with the victim mail host. > The victim mail host will accept the mail, but there's a problem. The > response from the victim box causes spam to the spam recipient, but > of course the victim host's fingerprints are all over it. > > Anyone else seeing this? We've been tossing around mechanisms to stop > it, but all the alternatives break compliance with the RFC, and will > certainly cause mail lists to be far less useful. > > thanks, > > Andrew van der Stock, MCSE, Senior Security Architect, e-Secure Pty > Ltd > "Secure in a Networked World" Phone: (03) 9699 7088 Fax: (03) > 9699 7066 > Suite 302, 370 St Kilda Rd Mobile: 0412 532 963 > Melbourne Victoria Australia Email: ajv@e-secure.com.au > ACN 068 798 194 http://www.e-secure.com.au > > -----BEGIN PGP SIGNATURE----- > Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> > > iQA/AwUBO6FrdXMQPsd9dowGEQIB2gCg+Wevw9mV1JTGaNInQIqfvTD5OuEAn2pp > h60edzNeC6C8trqmVa6CUQUu > =IJwX > -----END PGP SIGNATURE----- > > > ---------------------------------------------------------------------------- > This list is provided by the SecurityFocus ARIS analyzer service. > For more information on this free incident handling, management > and tracking system please see: http://aris.securityfocus.com >
This archive was generated by hypermail 2b30 : Fri Sep 14 2001 - 08:42:03 PDT