From: Greg A. Woods (woodsweird.com)
Date: Thu Nov 01 2001 - 10:31:09 CST


    [ On Thursday, November 1, 2001 at 00:29:35 (-0800), Ronald F. Guilmette wrote: ]
    > Subject: Re: another interesting spam trick...
    >
    >
    > I agree that it _shouldn't_ be necessary, but if you are trying to bend
    > over backwards to avoid false positives, then you will use the ``trimming''
    > of domain names that I described, also, as part of your validation of the
    > HELO/EHLO name.

    NO! No trimming! We already bend over backwards by allowing a literal
    IP address!!!! If the sending SMTP client can't get either one of those
    right then it does not deserve any more attention than any other loud
    raucous fraud who's claiming to be someone he or she obviously is not
    and can not be!

    > I wish I had a dollar for every mail server I had ever seen whose HELO name
    > was something like:
    >
    > mail.jakes-pizza-planet.com
    >
    > and where that domain name has -ZERO- `A' records (i.e. doesn't resolve
    > at all) but where if you look up the MX records for just
    >
    > jakes-pizza-planet.com
    >
    > you'll get something like:
    >
    > exchange.jakes-pizza-planet.com
    >
    > and that name _will_ resolve, and it will resolve properly to the IP of
    > the server in question.

    Who cares?!?!?!? The sending SMTP client and/or its DNS is _misconfigured_!

    They can (very easily) fix it, or have their e-mail bounce! It's really
    that simple! Once 10% or more of their e-mail bounces they might start
    to get a clue and ask for help!

    > There's no reason not to go the extra mile to be lenient about these kinds
    > of cases.

    Oh, on the contrary! Your ever changing, ever more complex
    workarounds to accommodate them are reason enough, but it's far from the only
    reason!

    > You aren't going to get more spam if you are a bit forgiving of
    > these cases, but you WILL lower your false positive rate a bit.

    Oh, but you are! The spammers began to adapt to these things a couple
    of years ago already!

    You can invent any number of complex twisted rules to accommodate
    idiots. For example now you've gone from looking up PTRs to doing full
    MX lookups (MX+A RRs) for the greeting name! Where does it end? I'll
    tell you: it _never_ ends so long as you try to accommodate the bumbling
    fools ("just as soon as you make something foolproof, along comes
    another fool!").

    However the _real_ rules (i.e. what we've generally agreed the RFCs
    should be interpreted as saying in today's context) are _trivially_
    simple. If the idiots running mail servers can not make their systems
    conform to even these very trivial real rules then they do not deserve
    to be able to send any e-mail, spam or not, until they figure out how to
    do it right.

    -- 
    							Greg A. Woods
    

    +1 416 218-0098 VE3TCP <gwoodsacm.org> <woodsrobohack.ca>
    Planix, Inc. <woodsplanix.com>; Secrets of the Weird <woodsweird.com>
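
The two HELO/EHLO policies argued over in this message, side by side, as an added example that is not code from either poster or from Postfix. The exact strict rule used here (a matching address literal, or a greeting name whose A records include the client IP), the function names, the in-memory DNS table and the 192.0.2.25 address are assumptions constructed for illustration.

```python
import ipaddress

# Constructed DNS data mirroring the thread's example (192.0.2.25 is a documentation address).
DNS = {
    ("exchange.jakes-pizza-planet.com", "A"): ["192.0.2.25"],
    ("jakes-pizza-planet.com", "MX"): ["exchange.jakes-pizza-planet.com"],
    # mail.jakes-pizza-planet.com intentionally has no A record.
}
QUERIES = []  # every lookup issued, to compare the cost of the two policies

def lookup(name, rrtype):
    """Stand-in resolver that answers only from the constructed table."""
    key = (name.lower().rstrip("."), rrtype)
    QUERIES.append(key)
    return DNS.get(key, [])

def resolves_to(name, client):
    """True if any A record of name equals the connecting client address."""
    return any(ipaddress.ip_address(a) == client for a in lookup(name, "A"))

def strict_helo_ok(helo, client_ip):
    """Assumed strict rule: matching address literal, or a name with an A record for the client."""
    client = ipaddress.ip_address(client_ip)
    if helo.startswith("[") and helo.endswith("]"):
        try:
            return ipaddress.ip_address(helo[1:-1]) == client
        except ValueError:
            return False
    return resolves_to(helo, client)

def lenient_helo_ok(helo, client_ip):
    """Strict check, then the trimming fallback: MX targets of each parent domain."""
    if strict_helo_ok(helo, client_ip):
        return True
    client = ipaddress.ip_address(client_ip)
    labels = helo.lower().rstrip(".").split(".")
    for i in range(1, len(labels) - 1):  # stop before the bare top-level label
        for mx in lookup(".".join(labels[i:]), "MX"):
            if resolves_to(mx, client):
                return True
    return False

if __name__ == "__main__":
    for helo in ("exchange.jakes-pizza-planet.com", "[192.0.2.25]", "mail.jakes-pizza-planet.com"):
        QUERIES.clear()
        strict = strict_helo_ok(helo, "192.0.2.25")
        lenient = lenient_helo_ok(helo, "192.0.2.25")
        print(f"{helo}: strict={strict} lenient={lenient} queries={len(QUERIES)}")
```

The trimmed check accepts the misconfigured greeting name at the price of two extra lookups (MX, then A) per connection, and it passes any unresolvable name under that domain as long as the connecting IP is one of the domain's MX hosts.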