spamassassin-users mailing list archives

From "Bill Cole" <sausers-20150...@billmail.scconsult.com>
Subject Re: Fake EHLO triggering ALL_TRUSTED
Date Fri, 05 Jul 2019 14:55:45 GMT
On 5 Jul 2019, at 10:30, David Jones wrote:

> On 7/5/19 9:09 AM, Bill Cole wrote:
>> On 5 Jul 2019, at 9:37, David Jones wrote:
>>
>>> For the sake of others, it would be beneficial if the default behavior
>>> of X-Relay-Countries changed to the X-Relay-Countries-MSA.
>>
>> Definitely not for 3.4.3. Preferably not at all. While I agree in
>> principle with having some way to trust machines as honest without
>> trusting their authentication systems to be bulletproof, that shouldn't
>> involve changing a useful stable feature in a way that will break
>> reasonable configurations. That change would cause substantial false
>> positives at some sites if deployed without carefully considered
>> preparation. It would be a poison pill for packagers who value stability.
>>
>>
>
> I believe the only change would be the Relay-Countries value would have
> country codes in it.

Yes, which it shouldn't.

It may sound weird, but it is true that I work with 2 mostly unrelated 
mail systems where mail comes in via MSAs whose authentication is 
trustworthy from end-users who live and/or travel in places that send 
those systems very little legitimate mail via untrusted/unauthenticated 
sources.

> We aren't suggesting changing any other logic so
> the ALL_TRUSTED would still hit and RBLs would not be checked on
> authenticated IPs.
>
> Is your concern the RBL checks on those authenticated IPs?

No. My concern is about changing what is in Relay-Countries.

-- 
Bill Cole
bill@scconsult.com or billcole@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
