james-server-dev mailing list archives

From Paul Hammant <Paul_Hamm...@yahoo.com>
Subject Re: SPAM #3
Date Fri, 22 Mar 2002 13:29:10 GMT
Danny,

>>Spammers use an openrelay SMTP server to post thru.  Let's call that
>>machine A.  They make their headers appear to be from elsewhere.  Let's
>>say that is machine B (it might be real or not).  When the mail arrives
>>at machine C (its destination), that mail server can see evidence of B
>>(clearly), but also information pertaining to A?  Or is it that only
>>information from some uplink A connects to is evident?
>>
>
>C should append a line a bit like:
>"received by C[123.123.123.123] from A[432.432.432.432] at 00:00 GMT +0000"
>
You mean ...

  B should append a line a bit like:
  "received by B[123.123.123.123] from A[432.432.432.432] at 00:00 GMT +0000"

>>If C sends a digest (subject of a new RFC) to B of the message through
>>SMTP saying "did you send this?", then there are two possibilities - (1)
>>The answer is "no I did not", or (2) no such mail server.  Does A have
>>record of the email?
>>
>
>pretty much not, once it's sent or bounced the MTA is glad to get rid and
>reclaim the space.
>
>>If it does, can it determine that it was from the
>>real email user?
>>
>
>Possibly yes depending how tightly it is set up itself to prevent relaying,
>more likely no, if A has faked a message from a real user of B it would be
>hard to differentiate from a bona fide one.
>
OK, here is a lateral question: If ServerA receives mail from
ServerB, how does A determine if B is an open-relay type?

1) Blacklist (checks IP against table centrally maintained).
2) Asks it -> Are you open relay? (reaches back to Server B in separate
connection, caches yes/no response for last 1000 mail servers)
3) Other ?

Of course I'm alluding to (2) being part of the new RFC.

- Paul
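
The point raised in the quoted exchange, that the receiving server stamps the connecting machine's address into a Received line whatever the other headers claim, shown as an added example (not part of the original message and not James code). The host names, addresses and sample message are constructed, and the regex assumes the common `from HELO (rdns [ip]) by host` layout.

```python
import re
from email import message_from_string

# Assumed layout: "from <HELO> (<rdns> [<peer ip>]) by <receiving host> ..."
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>\S+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

# Constructed sample: relay A (198.51.100.7) connects to C (mx.c.example),
# says HELO mail.b.example and supplies a fake earlier hop naming B.
SAMPLE = """\
Received: from mail.b.example (unknown [198.51.100.7])
    by mx.c.example with SMTP id CONSTRUCTED1; Fri, 22 Mar 2002 13:00:00 +0000
Received: from workstation (localhost [203.0.113.5])
    by mail.b.example with SMTP; Fri, 22 Mar 2002 12:59:00 +0000
From: someone@b.example
To: user@c.example
Subject: constructed sample

body
"""

def split_received_chain(raw, our_mtas):
    """Return (trusted, unverified) hops, newest first.

    A hop is trusted only while it and every header above it were stamped
    by a host in our_mtas. The first header not written by us, and all
    headers below it, arrived as message data and may be forged.
    """
    trusted, unverified, intact = [], [], True
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(value)
        hop = m.groupdict() if m else dict.fromkeys(("helo", "rdns", "ip", "by"))
        if intact and hop["by"] in our_mtas:
            trusted.append(hop)
        else:
            intact = False
            unverified.append(hop)
    return trusted, unverified

def injecting_peer(raw, our_mtas):
    """IP of the machine that handed the message to our outermost MTA, or None."""
    trusted, _ = split_received_chain(raw, our_mtas)
    return trusted[-1]["ip"] if trusted else None

if __name__ == "__main__":
    print(injecting_peer(SAMPLE, {"mx.c.example"}))
```
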




