[Top] [All Lists]

Re: [Asrg] 0. General

2003-10-22 13:06:24
On Thu, Oct 23, 2003 at 01:44:25AM +0700, Brad Knowles wrote:
At 12:09 AM -0400 2003/10/22, Richard Rognlie wrote:

And remember, I'm not specifying that mail from 
has to come from "the" RMX... just taht the HELO line
claiming to be (my MTA) must be the specified
IP (or one of the specified IPs).

      Trivially easy to by-pass.  Just claim to be, or, or some other IP address.  Or maybe your "real" external IP 
address (assuming you have some reliable way of determining that, 
even though you might be behind a NAT or whatever).

So, connections from nameless IPs probably deserve to be weighted as
'spam-likely' in your consent decision. Perhaps even 'spam, guaranteed'.

      There's a reason why the RFC says that you don't validate the 
hostname claimed in HELO/EHLO.  It takes too much time, and is too 
easy to by-pass.

That design decision was made before the current situation came into
being. Now, my spamassassin installation spends far more time doing
content inspection on spam messages than the 'too much time' it would
take to validate the provided hostname.

The network environment has changed, the assumptions about overhead need
to be re-evaluated.

David Maxwell, david(_at_)vex(_dot_)net|david(_at_)maxwell(_dot_)net 

Asrg mailing list

<Prev in Thread] Current Thread [Next in Thread>