ietf-mxcomp

RE: blowback, was A new SMTP "3821" [Re: FTC stuff...........]

2005-01-10 12:51:45

From: Dean Anderson [mailto:dean(_at_)av8(_dot_)com]
On Sun, 9 Jan 2005 terry(_at_)ashtonwoodshomes(_dot_)com wrote:


Agreed, but nearsighted.  If the sending MTA had done some sort of validation
to ensure the message was not forged when it accepted it, then we wouldn't
have a blowback problem.  You cannot blame subsequent MTAs in the path for
detecting and rejecting bad email when it's something the first hop MTA could
(and should) have done in the first place!

And just what sort of validation would that be?

Authentication (SMTP AUTH, POP-before-SMTP, etc.), restriction to trusted IP 
addresses, etc.  Basically the sending server is responsible for authorizing 
its own use, via whatever method is most appropriate.
 
His point I think is that if the virus is trying to send directly to the MTA
it would get rejected with no bounce back (because the virus wouldn't process
a bounce).

If an MTA.1 accepted a virus message, and tried relaying it to MTA.2, when
MTA.2 rejects it as forged, and MTA.1 processes a bounce, well, NO SYMPATHY
FOR MTA.1, it should have taken steps to prevent the virus/forgery etc from
being accepted by itself in the FIRST PLACE.

Your lack of sympathy for MTA.1 is unfortunate, but unrealistic.  Even
taking steps to prevent viruses does not catch all viruses.  Even using
SMTP AUTH on a closed relay does not prevent forgery.

              --Dean

I have the greatest sympathy for MTA.1 and its users.  My sympathy (as MTA.2's 
admin) does NOT extend to taking responsibility for delivery of the viruses 
MTA.1 is trying to unload on me.  If MTA.2 then turns around and delivers the 
virus to someone else, that is not my problem.

With my particular MTA.2, I reject virii even if they are to valid addresses.  
If this causes MTA.1 to deliver a bounce message (possibly even including the 
virus) to the forged sender, then MTA.1 just made a big mistake.  I suppose a 
case could be made that it's "my fault" somehow, but I'm not going to lose any 
sleep over it.

Matthew.van.Eerde (at) hbinc.com                 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com         Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
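
Added example (not part of the thread and not any poster's code): a toy model of the MTA.1 / MTA.2 exchange argued over above, showing which party ends up generating the bounce in each case. The class names, addresses and the `infected` flag are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Message:
    mail_from: str    # envelope sender (may be forged)
    rcpt_to: str
    infected: bool    # stands in for whatever MTA.2's scanner detects

class VirusClient:
    """Sends directly and ignores SMTP replies, so a 5xx produces no bounce."""
    def on_reject(self, msg, reply):
        return None

@dataclass
class RelayMTA:
    """MTA.1: accepts mail from authorized clients, relays it, bounces on 5xx."""
    name: str
    scan_on_accept: bool = False
    bounces: list = field(default_factory=list)

    def accept(self, msg, client_authenticated):
        # Authorization only says the client may use this relay; it does not
        # show that mail_from belongs to that client (Dean's point on SMTP AUTH).
        if not client_authenticated:
            return "550 relaying denied"
        if self.scan_on_accept and msg.infected:
            return "550 content rejected"
        return "250 ok"

    def on_reject(self, msg, reply):
        # A relay that accepted the message reports the failure to the
        # envelope sender, forged or not: this is the blowback.
        dsn = Message("<>", msg.mail_from, infected=False)
        self.bounces.append(dsn)
        return dsn

def mta2_receive(msg):
    """MTA.2: rejects infected mail inside the SMTP session, never bounces."""
    return "550 virus rejected" if msg.infected else "250 ok"

def deliver(sender, msg, client_authenticated=True):
    """Return the bounce generated anywhere in the path, or None."""
    if isinstance(sender, RelayMTA):
        if not sender.accept(msg, client_authenticated).startswith("250"):
            return None   # refused in-session at MTA.1; the client sees the 5xx
    reply = mta2_receive(msg)
    return None if reply.startswith("250") else sender.on_reject(msg, reply)
```

MTA.2 behaves identically in every run; whether the forged sender receives a bounce depends only on whether something upstream accepted the message and took on responsibility for it.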