On Thu, Oct 23, 2003 at 01:44:25AM +0700, Brad Knowles wrote:
At 12:09 AM -0400 2003/10/22, Richard Rognlie wrote:
And remember, I'm not specifying that mail from
has to come from "the" gamerz.net RMX... just taht the HELO line
claiming to be play.gamerz.net (my MTA) must be the specified
IP (or one of the specified IPs).
Trivially easy to by-pass. Just claim to be 127.0.0.1, or
10.0.0.1, or some other IP address. Or maybe your "real" external IP
address (assuming you have some reliable way of determining that,
even though you might be behind a NAT or whatever).
So, connections from nameless IPs probably deserve to be weighted as
'spam-likely' in your consent decision. Perhaps even 'spam, guaranteed'.
There's a reason why the RFC says that you don't validate the
hostname claimed in HELO/EHLO. It takes too much time, and is too
easy to by-pass.
That design decision was made before the current situation came into
being. Now, my spamassassin installation spends far more time doing
content inspection on spam messages than the 'too much time' it would
take to validate the provided hostname.
The network environment has changed, the assumptions about overhead need
to be re-evaluated.
David Maxwell, david(_at_)vex(_dot_)net|david(_at_)maxwell(_dot_)net
Asrg mailing list