From: "Danny Angus"
To: "James Developers List"
Subject: RE: SPAM #3
Date: Fri, 22 Mar 2002 17:42:05 -0000

Paul,

Read your own scenario mate ;-)

> >>Spammers use an openrelay SMTP server to post thru. Let's call that
> >>machine A. They make their headers appear to be from elsewhere. Let's
> >>say that is machine B (it might be real or not). When the mail arrives
> >>at machine C (its destination), that mail server can see evidence of B
> >>(clearly), but also information pertaining to A? Or is it that only
> >>information from some uplink A connects to is evident?

Mail originating at A is received by C purporting to have come from B.

Machine C should insert the line denominating the hostname and IP address of the machine it was connected to when the message arrived, and its own details (for reference downstream) and the time in the rfc822 format. Machine A may have spoofed the line suggesting that it originated at B, and was passed on by A.

> OK, here is a lateral question : How if ServerA receives mail from
> ServerB, how does A determine if B is an open-relay type?

From 1st principles you could use the same way spammers do, try to deliver a message to it addressed to somewhere you know it shouldn't accept mail for (yourself) and wait for the message to be received. (For your curiosity I've attached such a message from my daily harvest of tests by spammers of one of our James installations)

> 1) Blacklist (checks IP against table centrally maintained).

+1

> 2) Asks it -> Are you open relay? ( reaches back to Server B in separate
> connection, caches yes/no response for last 1000 mail servers)

If you are running an open relay through ignorance is there any reason to trust this response? If you are doing it through malice this will be worse than unreliable, it will be actively misleading, unless there's more to your idea..

d.
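
Added example, not part of the message above or of the James code base: the trust rule the message describes (only the Received line stamped by C itself is reliable, anything below it may have been spoofed by A), applied to a constructed message. The host names, addresses and the Postfix-style Received layout are assumptions.

```python
import re
from email import message_from_string

# Constructed sample. C (mx.c.example) wrote the top Received line when A
# connected from 203.0.113.7; the line beneath it arrived with the message
# and claims the mail started at B.
SAMPLE = """\
Received: from mail.b.example (unknown [203.0.113.7])
\tby mx.c.example with SMTP; Fri, 22 Mar 2002 17:42:44 -0000
Received: from mail.b.example (mail.b.example [198.51.100.25])
\tby relay.a.example with SMTP; Fri, 22 Mar 2002 17:40:01 -0000
From: someone@b.example
Subject: constructed test message

body
"""

# Assumed layout: from HELO (reverse-dns [ip]) by receiving-host
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)")

def parse_received(raw):
    """Return the Received hops, newest first, as dicts."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = RECEIVED_RE.search(value)
        hops.append(m.groupdict() if m else {"unparsed": value})
    return hops

def split_trust(raw, our_host):
    """Return (trusted_hop, unverified_hops).

    Only the topmost line is considered, and only if our own server wrote it.
    A lower line naming our host proves nothing: the sender could have typed it.
    """
    hops = parse_received(raw)
    if hops and hops[0].get("by") == our_host:
        return hops[0], hops[1:]
    return None, hops

def helo_mismatch(hop):
    """True when the name the peer announced differs from its reverse DNS."""
    return hop["helo"].lower() != hop["rdns"].lower()

if __name__ == "__main__":
    hop, rest = split_trust(SAMPLE, "mx.c.example")
    print("connected peer:", hop["ip"], "HELO mismatch:", helo_mismatch(hop))
    print("unverified hops:", [h.get("by") for h in rest])
```

The address in the trusted hop is the one to check against a blacklist; the lower lines are useful as hints only.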