[Top] [All Lists]

Re: Bounce/System Notification Address Verification

2005-06-30 04:36:16

----- Original Message -----
From: "Arnt Gulbrandsen" <arnt(_at_)gulbrandsen(_dot_)priv(_dot_)no>

Hector Santos writes:

You better reconsider being more relaxed with that MAIL FROM: strict
syntax I'm sure you will get hit by other servers

In the past week, 100% of the mail arriving at work with
     MAIL FROM: <...
     RCPT TO: <...
was spam. Good fodder for bayesian analysis.

(Btw, I didn't discover this; der Mouse told me.)

Interesting. Very interesting.

Well,  I'm little hot under the collar right now.  Apparently, two revisions
ago our wcSMTP outbound server introduced a space.  So we got a get a hotfix
out asap today for this mite.   But our inbound server has always allowed
for a space simply because it was always possible. It never rejected because
it had space. Claus's Sendmail "X.0.0.Alpha4.0" server/version is the first
time I've encountered such a restriction.

Does anyone have any historistical perspective on this?

Anyway, I did some log analysis on this and you're right; a good bit of the
transactions which "appeared" to be from spammers had spaces.  I also
noticed the Microsoft Outlook MUA also uses a space.

You're right. I might fit well in a bayesian analyzer.

Here's another one.  This is the server:

220 ESMTP Sendmail Switch-3.1.7/Switch-3.1.7;
        Thu, 30 Jun 2005  03:55:50 -0700
250 Hello [],
ed to meet you

See the problem?  [Hint: Spoofing]

Lets check Claus's server:

220 ESMTP sendmail X.0.0.Alpha4.0
250 Hi there
mail from: <>
501 5.1.7 Bad sender's mailbox address syntax.

Wonderful!  Its worry about a space, but it doesn't protect its own local
domains! <g>

On a good day, I catch about 12% of these at my server.

Hector Santos, Santronics Software, Inc.

<Prev in Thread] Current Thread [Next in Thread>