james-server-dev mailing list archives

From Paul Hammant <Paul_Hamm...@yahoo.com>
Subject Re: SPAM #3 (ORBZ.org)
Date Fri, 22 Mar 2002 14:18:47 GMT
Folks,
   http://www.theregister.co.uk/content/6/24544.html

Were they trying to use spamming techniques to compile a list of failing 
mail servers?  And is this in breach of DMCA and/or hacking legislation? 
 If there were an RFC illustrating "HELO, RU-AN-OPEN-RELAY, THNX, BYE", 
then it might not have gone to court/lawyers.

- Paul

> Danny,
>
>>> Spammers use an open-relay SMTP server to post thru.  Let's call that
>>> machine A.  They make their headers appear to be from elsewhere.  Let's
>>> say that is machine B (it might be real or not).  When the mail arrives
>>> at machine C (its destination), that mail server can see evidence of B
>>> (clearly), but also information pertaining to A?  Or is it that only
>>> information from some uplink A connects to is evident?
>>>
>>
>> C should append a line a bit like:
>> "received by C[123.123.123.123] from A[432.432.432.432] at 00:00 GMT +0000"
>>
> You mean ...
>
>  B should append a line a bit like:
>  "received by B[123.123.123.123] from A[432.432.432.432] at 00:00 GMT +0000"
>
>>> If C sends a digest (subject of a new RFC) to B of the message through
>>> SMTP saying "did you send this?", then there are two possibilities - (1)
>>> The answer is "no I did not", or (2) no such mail server.  Does A have
>>> record of the email?
>>>
>>
>> pretty much not, once it's sent or bounced the MTA is glad to get rid and
>> reclaim the space.
>>
>>> If it does, can it determine that it was from the
>>> real email user?
>>>
>>
>> Possibly yes depending how tightly it is set up itself to prevent relaying,
>> more likely no, if A has faked a message from a real user of B it would be
>> hard to differentiate from a bona fide one.
>>
> OK, here is a lateral question: if ServerA receives mail from ServerB,
> how does A determine if B is an open-relay type?
>
> 1) Blacklist (checks IP against table centrally maintained).
> 2) Asks it -> Are you open relay? (reaches back to Server B in a
> separate connection, caches yes/no response for last 1000 mail servers)
> 3) Other ?
>
> Of course I'm alluding to (2) being part of the new RFC.
>
> - Paul

--
To unsubscribe, e-mail:   <mailto:james-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:james-dev-help@jakarta.apache.org>
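
The A/B/C question in the quoted thread, worked through as an added example (not part of the original message and not James code): the receiving server C reads the Received line it stamped itself to get A's connecting IP, and treats the From domain (B) and every lower Received line as sender-supplied. The sample message, host names, RFC 5737 addresses and the Postfix-style Received layout are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: relay A (192.0.2.25) hands C (mx.c.example) a message
# claiming to be from a user at B (b.example). The lower Received line was
# supplied by the sender, so nothing in it has been checked by C.
RAW = """\
Received: from mail.b.example (unknown [192.0.2.25])
\tby mx.c.example with SMTP id CONSTRUCTED1; Fri, 22 Mar 2002 00:00:00 +0000
Received: from workstation (localhost [127.0.0.1])
\tby mail.b.example with SMTP id CONSTRUCTED0; Thu, 21 Mar 2002 23:59:00 +0000
From: Some User <user@b.example>
To: someone@c.example
Subject: constructed sample

body
"""

# Assumed layout: "from HELO (rdns [ip]) by HOST ..."; other MTAs format differently.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)?\s*\[(?P<ip>[0-9A-Fa-f:.]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def hops(raw):
    """Return the Received hops, newest first, as dicts (helo, rdns, ip, by)."""
    msg = message_from_string(raw)
    found = (HOP.search(value) for value in msg.get_all("Received", []))
    return [m.groupdict() for m in found if m]

def trace(raw, our_mta):
    """Separate the hop our own MTA recorded from everything the sender supplied."""
    msg = message_from_string(raw)
    chain = hops(raw)
    # Only the topmost line counts, and only if our server wrote it.
    trusted = chain[0] if chain and chain[0]["by"] == our_mta else None
    return {
        # B: domain typed into From by whoever sent the message
        "claimed_domain": parseaddr(msg.get("From", ""))[1].rpartition("@")[2],
        # A: address C observed on the TCP connection
        "connecting_ip": trusted["ip"] if trusted else None,
        # HELO name is chosen by the client and may simply name B
        "helo_name": trusted["helo"] if trusted else None,
        "unverified_hops": chain[1:] if trusted else chain,
    }

if __name__ == "__main__":
    print(trace(RAW, "mx.c.example"))
```

The `connecting_ip` value is the one a blacklist lookup (option 1 in the thread) would be keyed on.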

