james-server-dev mailing list archives

From "Danny Angus" <da...@thought.co.uk>
Subject RE: SPAM #3
Date Fri, 22 Mar 2002 17:42:05 GMT
Paul,

Read your own scenario mate ;-)

> >>Spammers use an openrelay SMTP server to post thru.  Let's call that
> >>machine A.  They make their headers appear to be from elsewhere.  Let's
> >>say that is machine B (it might be real or not).  When the mail arrives
> >>at machine C (its destination), that mail server can see evidence of B
> >>(clearly), but also information pertaining to A?  Or is it that only
> >>information from some uplink A connects to is evident?


Mail originating at A is received by C purporting to have come from B

Machine C should insert the line denominating the hostname and IP address of
the machine it was connected to when the message arrived, and its own
details (for reference downstream) and the time in the rfc822 format.
Machine A may have spoofed the line suggesting that it originated at B, and
was passed on by A.

> OK, here is a lateral question: If ServerA receives mail from
> ServerB, how does A determine if B is an open-relay type?

From 1st principles you could use the same way spammers do, try to deliver a
message to it addressed to somewhere you know it shouldn't accept mail for
(yourself) and wait for the message to be received.
(For your curiosity I've attached such a message from my daily harvest of
tests by spammers of one of our James installations)

> 1) Blacklist (checks IP against table centrally maintained).
+1
> 2) Asks it -> Are you open relay? ( reaches back to Server B in separate
> connection, caches yes/no response for last 1000 mail servers)

If you are running an open relay through ignorance is there any reason to
trust this response?
If you are doing it through malice this will be worse than unreliable, it
will be actively misleading, unless there's more to your idea..

d.


--
To unsubscribe, e-mail:   <mailto:james-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:james-dev-help@jakarta.apache.org>
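
The point made in the message above, that only the Received line stamped by machine C itself reliably identifies the connecting machine A, shown as an added example that is not part of the original post. The host names, addresses and sample message are constructed, and the regular expression assumes the common `from HELO (rdns [ip]) by host` layout, which not every MTA uses.

```python
import re
from email import message_from_string

# Constructed sample: relay A (192.0.2.10) delivers to C (mx.c.example) while
# claiming to be B; the lower Received line was supplied by A and is forged.
SAMPLE = """\
Received: from mail.b.example (unknown [192.0.2.10])
\tby mx.c.example with SMTP; Fri, 22 Mar 2002 17:40:00 +0000
Received: from pc1.b.example (pc1.b.example [198.51.100.7])
\tby mail.b.example with SMTP; Fri, 22 Mar 2002 17:39:00 +0000
From: someone@b.example
To: user@c.example
Subject: constructed test

body
"""

# Assumed header layout: "from HELO (rdns [ip]) ... by host"
RECEIVED = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)?\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def classify_hops(raw, our_hosts):
    """Return hops newest first, marking which ones our own servers wrote."""
    hops = []
    trusted = True  # headers are prepended, so the top line is the newest
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED.search(value)
        if not m:
            trusted = False
            hops.append({"raw": " ".join(value.split()), "trusted": False})
            continue
        # A line is trustworthy only if written by a host we control and
        # every line above it was trustworthy too.
        trusted = trusted and m.group("by").lower() in our_hosts
        hops.append({"helo": m.group("helo"), "ip": m.group("ip"),
                     "by": m.group("by"), "trusted": trusted})
    return hops

def connecting_peer(raw, our_hosts):
    """IP of the last machine outside our control that handed us the mail."""
    peer = None
    for hop in classify_hops(raw, our_hosts):
        if not hop["trusted"]:
            break
        peer = hop["ip"]
    return peer
```

The address returned by `connecting_peer` is the one to check against a blacklist; everything below the first untrusted line is whatever the sender chose to write.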

