----- Original Message -----
From: "Arnt Gulbrandsen" <arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no>
Hector Santos writes:
You better reconsider being more relaxed with that MAIL FROM: strict
syntax I'm sure you will get hit by other servers
In the past week, 100% of the mail arriving at work with
MAIL FROM: <...
or
RCPT TO: <...
was spam. Good fodder for bayesian analysis.
(Btw, I didn't discover this; der Mouse told me.)
Interesting. Very interesting.
Well, I'm little hot under the collar right now. Apparently, two revisions
ago our wcSMTP outbound server introduced a space. So we got a get a hotfix
out asap today for this mite. But our inbound server has always allowed
for a space simply because it was always possible. It never rejected because
it had space. Claus's Sendmail "X.0.0.Alpha4.0" server/version is the first
time I've encountered such a restriction.
Does anyone have any historistical perspective on this?
Anyway, I did some log analysis on this and you're right; a good bit of the
transactions which "appeared" to be from spammers had spaces. I also
noticed the Microsoft Outlook MUA also uses a space.
You're right. I might fit well in a bayesian analyzer.
Here's another one. This is the SendMail.com server:
220 foon.sendmail.com ESMTP Sendmail Switch-3.1.7/Switch-3.1.7;
Thu, 30 Jun 2005 03:55:50 -0700
helo smtp.sendmail.com
250 foon.sendmail.com Hello adsl-10-44-25.mia.bellsouth.net [65.10.44.25],
pleas
ed to meet you
See the problem? [Hint: Spoofing]
Lets check Claus's esmtp.org server:
220 zardoc.esmtp.org ESMTP sendmail X.0.0.Alpha4.0
helo zardoc.esmtp.org
250 zardoc.esmtp.org Hi there
mail from: <>
501 5.1.7 Bad sender's mailbox address syntax.
Wonderful! Its worry about a space, but it doesn't protect its own local
domains! <g>
On a good day, I catch about 12% of these at my server.
--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com