One last reply and then I suggest this go off-list ...
On 3/23/06, Professional Software Engineering
At 14:31 2006-03-22 -0800, Bart Schaefer wrote:
When you connect to a Verizon MX on port 25 and issue MAIL
FROM:<foo(_at_)bar(_dot_)com>, Verizon doesn't answer until it first connects
back to the MX for bar.com, issues RCPT TO:<foo(_at_)bar(_dot_)com>
An irony is that their approach does NOTHING to address forgeries - they
merely verify that the supposed sender address is legit.
As I mentioned, I have another MX fronting on my verizon mailbox for
mail to my personal domain. That is, the other MX accepts mail (it
knows my list of valid user names so it can properly reject bogus
recipients at SMTP time), does SpamAssassin filtering, and forwards
what doesn't look spammy to my verizon mailbox. Verizon's callback
tactic blocks about 50% of the spam that makes it through
SpamAssassin. So even though I agree that it's stupidly executed,
it's not ineffective. (Of course I have no idea how well it would
work as the *only* spam-protection on that mailbox.)
Note the "aborted by sender" - this is because the cheezewads at verizon
just _DROP_ the SMTP connection after getting the information they
need. They do not close it appropriately with a QUIT.
Perhaps they've been reading their Daniel J. Bernstein (author of the
qmail MTA), who has always argued that QUIT is a waste of bandwidth
(unnecessary extra sync step).
procmail mailing list Procmail homepage: http://www.procmail.org/