
Re: [Asrg] Domain-Authorized SMTP Mail

2003-03-18 12:10:42
On Tue, 18 Mar 2003 11:48:17 EST, David Green said:
> If the email is From: foo(_at_)bar(_dot_)baz(_dot_)biz(_dot_)buz(_dot_)co(_dot_)uk,
> you would query the MT for "bar.baz.biz.buz.co.uk". You would never drop
> any parts of the name.

You got it backwards.  If the mail is 'From: valdis(_at_)vt(_dot_)edu', you
need to suck down all 200 or so MT entries in the vt.edu domain and see if
my IP is one of them.

And it's even more borked for mailing lists, because the From: and To:
don't have much to do with what's going on.  The mail server for couchpotato.net
would be looking at this message, and complaining because the ietf.org
mail server isn't an MT for the vt.edu in the From: field.

Oh, and this message is coming to you direct, and a cc: to the list - explain
how your scheme handles each of the copies that are arriving.

If you get it to work for mailing lists, run it again for the case of a
spammer making the spam LOOK like a mailing list posting (hint - they're
usually pretty similar already).

Looking at the MAIL FROM: in the envelope doesn't provide much more joy.

(As an aside to the person who suggested logging the MAIL FROM in the From:
field - did you really WANT it to look like:

From: bugtraq-return-8764-Valdis(_dot_)Kletnieks=vt(_dot_)edu(_at_)securityfocus(_dot_)com on behalf of

From: owner-nolist-LSOFT-030205B*Valdis*-Kletnieks**VT*-EDU(_at_)MM(_dot_)EASE(_dot_)LSOFT(_dot_)COM on behalf of

Yes - imagine that.  Some list management software encodes the destination
address in the envelope so it can identify a bounce even if the bounce is
misformatted, as long as it goes back to the RFC821 MAIL FROM like it's
supposed to.)

> Every MX either sends to a server that trusts it (a relay), or to the
> recipient's MX. The only restriction here is that the MX that initiates
> the final hop to the recipient's MX must be listed as an MT for the
> sender's domain.

OK. So let's say this happens:

joe(_at_)non-spam(_dot_)com sends you mail.  Your server is down.  So he
sends it to mail.mx-are-us.com (your off-site MX service).  mx-are-us
sticks on an Auth-By: header.  Later on, your server comes up.  mx-are-us
sends you the mail.  Now let's say you do the totally legal thing of not
preserving the Auth-By, so you strip it off.  Now you're looking at mail
coming from mx-are-us, with 'From: joe(_at_)non-spam(_dot_)com'.  You look up
the MT list for non-spam.com, and get back 23 entries - and none of them are
mx-are-us.com.  Now what do you do?

The point is you need to tighten up the language about what to do if
accepting relayed mail.  The current language:

   SMTP servers SHOULD remove any Authorized-By SMTP headers of
   incoming mail. They MAY be configurable to preserve Authorized-By
   headers on incoming mail from a set of trusted servers.

is broken.  For it to be workable, you need to make it a 'MUST preserve'
for the case of mail coming from your MX'es.

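
The cases raised in this message, modelled as an added example that is not part of the original post or of the proposal under discussion. The MT table, the host names other than mail.mx-are-us.com, the user(_at_)vt(_dot_)edu address and the meaning given to the Authorized-By value (the host our own MX accepted the mail from) are assumptions made for illustration.

```python
# Added illustration of the receiver-side MT check discussed above.
# MT_LIST stands in for the DNS query; every entry in it is constructed.
MT_LIST = {
    "vt.edu": {"mail.vt.edu"},
    "non-spam.com": {"out.non-spam.com"},
}
OUR_MX = {"mail.mx-are-us.com"}  # off-site MX service that relays to us


def sender_domain(from_addr):
    # Query the full domain of the From: address, never dropping labels.
    return from_addr.rsplit("@", 1)[1].lower()


def verdict(from_addr, peer, authorized_by=None, preserve_from_mx=False):
    """Decide on one message; `peer` is the host that connected to us.

    `authorized_by` is the value our MX put in its Authorized-By header
    (assumed here to be the host it received the mail from).
    """
    if not preserve_from_mx:
        authorized_by = None  # draft default: SHOULD remove the header
    mts = MT_LIST.get(sender_domain(from_addr), set())
    if peer in mts:
        return "accept"  # final hop came from a listed MT
    if peer in OUR_MX and authorized_by in mts:
        return "accept"  # our own MX already checked its hop
    return "reject"


def scenarios():
    relay = "mail.mx-are-us.com"
    origin = "out.non-spam.com"
    return {
        # Direct copy from the sender's own listed server.
        "direct copy": verdict("user@vt.edu", "mail.vt.edu"),
        # Same message re-sent by the list host, From: unchanged.
        "list copy": verdict("user@vt.edu", "mail.ietf.org"),
        # Backup MX relays later; header stripped on receipt.
        "via MX, stripped": verdict("joe@non-spam.com", relay, origin),
        # Same relay, header preserved because the peer is our MX.
        "via MX, preserved": verdict("joe@non-spam.com", relay, origin, True),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:20} {result}")
```

The list copy is rejected in both configurations, which is the mailing-list objection; only the backup-MX case is repaired by preserving the header.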