----- Original Message -----
From: "Luis Bruno" <lbruno(_at_)republico(_dot_)estv(_dot_)ipv(_dot_)pt>
To: "IETF MARID WG" <ietf-mxcomp(_at_)imc(_dot_)org>
Sent: Monday, June 21, 2004 4:31 PM
Subject: Re: Drive Towards Consensus [was Re: On Extensibility in MARID
Records]
Jonathan Gardner wrote:
If we decide that Sender ID will only authenticate whether a particular
MTA
at an IP address is allowed to send messages for a domain, then Sender
ID
is sufficient.
Sufficient, but not necessary; in other words, overkill.
Paging Hector Santos: I couldn't get email directly to you; 550 Return
Path
not verifiable after RCPT TO: (and postmaster@ didn't work :-) )
Oh, I got something this morning directly from you?
----- Original Message -----
From: "Luis Bruno" <lbruno(_at_)republico(_dot_)estv(_dot_)ipv(_dot_)pt>
To: "Hector Santos" <hsantos(_at_)santronics(_dot_)com>
Sent: Monday, June 21, 2004 7:01 AM
Subject: Re: MARID Records and the standards process
And I replied to this.
Let me check the anti-spam logs. Ok, your 7am message was validated
successfully via CBV:
20040621 07:04:31 -------------------------------------
20040621 07:04:31 version : 1.62 / 1.54
20040621 07:04:31 calltype : SMTP
20040621 07:04:31 state : rcpt
20040621 07:04:31 srvdom : winserver.com
20040621 07:04:31 srvip : 208.247.131.9
20040621 07:04:31 cip : 193.137.7.30
20040621 07:04:31 cdn : republico.estv.ipv.pt
20040621 07:04:31 from :
<lbruno(_at_)republico(_dot_)estv(_dot_)ipv(_dot_)pt>
20040621 07:04:31 rcpt : <hsantos(_at_)santronics(_dot_)com>
20040621 07:04:31 ruid : 228947
20040621 07:04:31 testorder : FLT RBL SPF CEP CBV
20040621 07:04:31 sapfilter : pass (time:62)
20040621 07:04:31 saprbl : testing 30.7.137.193.sbl.spamhaus.org
20040621 07:04:33 saprbl : testing 30.7.137.193.list.dsbl.org
20040621 07:04:34 saprbl : testing 30.7.137.193.bl.spamcop.net
20040621 07:04:35 saprbl : pass (time:3485)
20040621 07:04:40 sapspf : none (time:4921)
20040621 07:04:40 sapcep : test from=republico.estv.ipv.pt
20040621 07:04:44 sapcep : none (time:4875)
20040621 07:04:46 sapcbv : total mx records: 0
20040621 07:04:51 try domain : republico.estv.ipv.pt ip: 193.137.7.30
20040621 07:04:51 # connecting to 193.137.7.30
20040621 07:04:52 S: 220 republico.estv.ipv.pt ESMTP Exim 4.22 Mon, 21 Jun
2004 12:02:15 +0100
20040621 07:04:52 C: NOOP WCSAP v1.62 Wildcat! Sender Authentication
Protocol http://www.santronics.com
20040621 07:04:52 S: 250 OK
20040621 07:04:52 C: HELO mail.winserver.com
20040621 07:04:52 S: 250 republico.estv.ipv.pt Hello ntbbs.winserver.com
[208.247.131.9]
20040621 07:04:52 C: MAIL FROM: <>
20040621 07:04:53 S: 250 OK
20040621 07:04:53 C: RCPT TO:
<lbruno(_at_)republico(_dot_)estv(_dot_)ipv(_dot_)pt>
20040621 07:04:53 S: 250 Accepted
20040621 07:04:53 C: RCPT TO:
<wcsap-openrelay-test-123sxa23(_at_)alqwejad(_dot_)com>
20040621 07:04:53 S: 550 relay not permitted
20040621 07:04:53 C: QUIT
20040621 07:04:53 sapcbv : 250
20040621 07:04:53 result : accept (-1)
20040621 07:04:53 wcsap finish (22172 msecs)
20040621 07:06:17 -------------------------------------
Why no SPF record? <g>
I sent a reply to you, and I see a 10am transaction from you which failed
due to your return domain failed.
A 451 response was issued to allow you to try again. It was tried 2-3 more
times.
20040621 10:18:42 -------------------------------------
20040621 10:18:42 version : 1.62 / 1.54
20040621 10:18:42 calltype : SMTP
20040621 10:18:42 state : rcpt
20040621 10:18:42 srvdom : winserver.com
20040621 10:18:42 srvip : 208.247.131.9
20040621 10:18:42 cip : 193.137.7.30
20040621 10:18:42 cdn : republico.estv.ipv.pt
20040621 10:18:42 from :
<lbruno(_at_)republico(_dot_)estv(_dot_)ipv(_dot_)pt>
20040621 10:18:42 rcpt : <hsantos(_at_)santronics(_dot_)com>
20040621 10:18:42 ruid : 228947
20040621 10:18:42 testorder : FLT RBL SPF CEP CBV
20040621 10:18:42 sapfilter : pass (time:63)
20040621 10:18:42 saprbl : testing 30.7.137.193.sbl.spamhaus.org
20040621 10:18:42 saprbl : testing 30.7.137.193.list.dsbl.org
20040621 10:18:43 saprbl : testing 30.7.137.193.bl.spamcop.net
20040621 10:18:49 saprbl : pass (time:6906)
20040621 10:18:49 sapspf : none (time:703)
20040621 10:18:49 sapcep : test from=republico.estv.ipv.pt
20040621 10:18:50 sapcep : none (time:1282)
20040621 10:19:00 sapcbv : rejected - can not resolve
republico.estv.ipv.pt
20040621 10:19:00 result : reject (0)
20040621 10:19:00 smtp code : 450
20040621 10:19:00 reason : Rejected by WCSAP CBV
20040621 10:19:00 wcsap finish (19094 msecs)
20040621 10:19:50 -----------------------------------
I just tried again manually and your domain still fails MX and A record
lookups:
d:\wc5beta>nslookup -query=mx republico.estv.ipv.pt
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to ns1.mia.bellsouth.net timed-out
d:\wc5beta>nslookup -query=a republico.estv.ipv.pt
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to ns1.mia.bellsouth.net timed-out
Lesson/Notes here learned?
Strict SMTP compliancy works for valid return addresses works. Spammers
will not complain about False Positives. However, legitimate people will.
But I don't see the FAULT in the SMTP operation. It did its job as it
suppose to behave with a strong enforcment of SMTP compliancy - meaning that
ADDRESS better be good! By far, this approach as eliminate a majority of
the anonymous mail abuse.
When MARID is implemented, the 2821 portion of it will replace MCEP (SAPCEP)
logic above. At some point, I hope it to replace SPF, but SPF will probably
not be removed with the initial implementation.
The MARID 2822 logic will be added AFTER the 2821 is validated. Nothing
from I see in Microsoft MCEP logic will validate this type of transaction
with a high degree of trust. That address better be good when it is
provided at MAIL FROM:
-- Hector