Re: Run a mail host with a public MX record? Seeing large numbers of bounces?

From: Sean Hunter (seanat_private)
Date: Sat Sep 15 2001 - 04:32:31 PDT


    As many people have pointed out to me, I misunderstood the initial posting.
    
    The fix that I use is to disallow connections from known spammers.  You can use
    any one of a number of public lists for this.  I fine-tune them by adding
    white and blacklists of my own.
    
    If they can't connect, they can't spam you or use you for spam.
    
    Sean
    
    On Fri, Sep 14, 2001 at 10:19:51AM +0100, Sean Hunter wrote:
    > RFC822 is _very_ out of date, and any MTA that strictly implements it is a very
    > poor choice for today's internet.  I suggest that you look at RFC2822 and other
    > internet resources.
    > 
    > A secure mail box will not relay spam in this way.  Consider changing to a
    > secure MTA such as qmail on a secure OS.
    > 
    > Sean
    > 
    > On Fri, Sep 14, 2001 at 12:29:09PM +1000, Andrew van der Stock wrote:
    > > 
    > >  
    > > -----BEGIN PGP SIGNED MESSAGE-----
    > > Hash: SHA1
    > > 
    > > Hi there,
    > > 
    > > We are detecting a large number of messages that are absolutely RFC822
    > > compliant, but are causing our victim hosts to be delivering spam via
    > > the use of a certain header (I do not want to divulge everything just
    > > yet as it's absolutely RFC compliant and heavily used by legitimate
    > > mail list software. If more spam program writers know about this, we
    > > will not be able to stop the spam.)
    > > 
    > > The victim hosts are relay-resistant.
    > > 
    > > The scenario is this: SpamInjector talks with the victim mail host.
    > > The victim mail host will accept the mail, but there's a problem. The
    > > response from the victim box causes spam to the spam recipient, but
    > > of course the victim host's fingerprints are all over it.
    > > 
    > > Anyone else seeing this? We've been tossing around mechanisms to stop
    > > it, but all the alternatives break compliance with the RFC, and will
    > > certainly cause mail lists to be far less useful. 
    > > 
    > > thanks,
    > > 
    > > Andrew van der Stock, MCSE, Senior Security Architect, e-Secure Pty
    > > Ltd
    > > "Secure in a Networked World"     Phone:  (03) 9699 7088 Fax: (03)
    > > 9699 7066
    > > Suite 302, 370 St Kilda Rd        Mobile: 0412 532 963
    > > Melbourne Victoria Australia      Email:  ajv@e-secure.com.au
    > > ACN 068 798 194                   http://www.e-secure.com.au 
    > > 
    > > -----BEGIN PGP SIGNATURE-----
    > > Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>
    > > 
    > > iQA/AwUBO6FrdXMQPsd9dowGEQIB2gCg+Wevw9mV1JTGaNInQIqfvTD5OuEAn2pp
    > > h60edzNeC6C8trqmVa6CUQUu
    > > =IJwX
    > > -----END PGP SIGNATURE-----
    > > 
    > > 
    > > 
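The connection-time filtering described in the reply above (public lists of known spammers, overridden by local white and blacklists), sketched as an added example that is not part of the original thread. The zone `dnsbl.example.org`, the function names and the sample addresses are placeholders constructed for illustration; lookups use the usual DNSBL convention of reversed IPv4 octets under the list's zone.

```python
import ipaddress
import socket

# Placeholder zone (assumption): substitute the public list you subscribe to.
DNSBL_ZONES = ["dnsbl.example.org"]
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when there is no answer."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        # NXDOMAIN means "not listed"; a lookup failure also lands here,
        # so this sketch fails open rather than refusing all mail.
        return None

def in_any(ip, networks):
    """True if ip falls inside any of the given CIDR networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in networks)

def check_client(ip, whitelist, blacklist, zones=DNSBL_ZONES,
                 resolve=system_resolver):
    """Decide at connect time; local lists take priority over public ones."""
    if in_any(ip, whitelist):
        return ("accept", "local whitelist")
    if in_any(ip, blacklist):
        return ("reject", "local blacklist")
    for zone in zones:
        answer = resolve(dnsbl_name(ip, zone))
        # A listing is signalled by an A record inside 127.0.0.0/8.
        if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
            return ("reject", "listed in " + zone)
    return ("accept", "not listed")

# Constructed sample listing (documentation address range), not real data.
SAMPLE_LISTED = {"10.113.0.203.dnsbl.example.org": "127.0.0.2"}

def sample_resolver(name):
    """Offline stand-in for DNS so the example runs without a network."""
    return SAMPLE_LISTED.get(name)

if __name__ == "__main__":
    for client in ("203.0.113.10", "192.0.2.1"):
        print(client, check_client(client, [], [], resolve=sample_resolver))
```

Checking the whitelist first is what lets a local override rescue a legitimate sender that a public list has caught.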
    
    
    
    
    



    This archive was generated by hypermail 2b30 : Sat Sep 15 2001 - 09:51:50 PDT