Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id ; Tue, 3 Sep 2002 11:22:58 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id ; Tue, 3 Sep 2002 11:22:58 -0400 Received: from moremagic.merlins.org ([204.80.101.251]:24995 "EHLO mail2.merlins.org") by vger.kernel.org with ESMTP id ; Tue, 3 Sep 2002 11:22:55 -0400 Date: Tue, 3 Sep 2002 08:27:05 -0700 From: Marc MERLIN To: Rogier Wolff , "Kevin P. Fleming" , Alan Cox Cc: matti.aarnio@zmailer.org, linux-kernel@vger.kernel.org Message-ID: <20020903152705.GW6579@merlins.org> References: <20020903001509.E22256@sventech.com> <20020903050504.GK6579@merlins.org> <1031066044.21409.4.camel@irongate.swansea.linux.org.uk> <20020903001509.E22256@sventech.com> <20020903050504.GK6579@merlins.org> <3D74AABE.5050207@cox.net> <20020903001509.E22256@sventech.com> <20020903050504.GK6579@merlins.org> <20020903090516.B15921@bitwizard.nl> Mime-Version: 1.0 Content-Disposition: inline In-Reply-To: <1031066044.21409.4.camel@irongate.swansea.linux.org.uk> <3D74AABE.5050207@cox.net> <20020903090516.B15921@bitwizard.nl> User-Agent: Mutt/1.3.28i X-Sysadmin: BOFH X-URL: http://marc.merlins.org/ X-Operating-System: Proudly running Linux 2.4.14-lvm1.0.1rc4-ext3-0.9.15-servers11-up/Debian woody X-Mailer: Some Outlooks can't quote properly without this header Subject: Re: Stupid anti-spam testings... Content-Type: text/plain; charset=us-ascii Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 2817 Lines: 60 [BTW, I didn't specify, please CC me on answers, I'm not on lk anymore] On Tue, Sep 03, 2002 at 09:05:16AM +0200, Rogier Wolff wrote: > > a) can obviously be faked by spammers, but I still think it'd work for > > quite a while: spammers who are smart enough already fake valid > > envelope and header froms, so they wouldn't have to add the header > > This would quickly prevent detection of the problems that you > intended to catch: Someone will blindly add the header, and before > you know it, they fill in a bad "sender" somewhere.... That's what I just said, if they bother to add the extra header, they could just as well fake the envelope from to point to some yahoo account, without needing to set the said header. On Tue, Sep 03, 2002 at 05:27:42AM -0700, Kevin P. Fleming wrote: > This won't work; sender verify callouts (at least in Exim) are done at > MAIL FROM: time, I believe, in addition to after the headers have been > delivered. In exim 3 yes, in exim 4, you can do what I explained (sorry, I should have been specific about which version) Details on the exim-users list if needed. > I think caching is the way to go, no doubt. If noone else mentions that > they're working on it this week, I'll do so on Friday. Caching is indeed the number 1 solution, a BL On Tue, Sep 03, 2002 at 04:14:04PM +0100, Alan Cox wrote: > Matti, it seems a more productive approach would be to make sure that > vger deliberately trips the idiot spam filters into failing. That way > people will rapidly leave the list or fix their systems. 1) exim callbacks are _not_ spam filters, they almost garantee that you only accept mail that you can reply to and/or bounce. If your envelope from points to foohost.domain.tld with some non routable IP, my only way to tell you that I won't be able to send you bounces is to refuse your mail at SMTP time. If you send mail from a non existant account (by mistake), same thing. SMTP callbacks just happen to also catch a lot of badly formatted spam, but that's not their main goal 2) There aren't many ways you can cause exim callbacks to fail without refusing real mail. (you can look at the callback rate in your logs and block the IPs, that's about it) Marc -- "A mouse is a device used to point at the xterm you want to type in" - A.S.R. Microsoft is to operating systems & security .... .... what McDonalds is to gourmet cooking Home page: http://marc.merlins.org/ | Finger marc_f@merlins.org for PGP key - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/