ietf-smtp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Bounce/System Notification Address Verification

2005-07-02 09:47:03
from [Valdis . Kletnieks] [Permanent Link] 
On Thu, 30 Jun 2005 07:30:24 EDT, Hector Santos said:


Here's another one.  This is the SendMail.com server:

220 foon.sendmail.com ESMTP Sendmail Switch-3.1.7/Switch-3.1.7;
        Thu, 30 Jun 2005  03:55:50 -0700
helo smtp.sendmail.com
250 foon.sendmail.com Hello adsl-10-44-25.mia.bellsouth.net [65.10.44.25],
pleas
ed to meet you

See the problem?  [Hint: Spoofing]

Lets check Claus's esmtp.org server:

220 zardoc.esmtp.org ESMTP sendmail X.0.0.Alpha4.0
helo zardoc.esmtp.org
250 zardoc.esmtp.org Hi there
mail from: <>
501 5.1.7 Bad sender's mailbox address syntax.

Wonderful!  Its worry about a space, but it doesn't protect its own local
domains! <g>


What can I say? Claus is a standards-conforming kind of guy :)

In what sense is the handling of the HELO parameter failing to "protect"
the domain?

Note that (a) the HELO isn't usually *used* for anything, (b) will get you a
nice little notation in the Received: header, and (c) the relevant RFCs
specifically say that bouncing mail solely because the machine is confused
about its name is prohibited (2821, section 4.1.4)

   An SMTP server MAY verify that the domain name parameter in the EHLO
   command actually corresponds to the IP address of the client.
   However, the server MUST NOT refuse to accept a message for this
   reason if the verification fails: the information about verification
   failure is for logging and tracing only.

And sure enough, if you were to proceed with valid MAIL FROM/RCPT TO, you'd
find that the Received: header would contain *3* fields - your claimed HELO
name, the IP you *actually* came from, and the PTR that IP has.  In addition,
if the hostname claimed by the PTR doesn't have an A record matching the IP,
there will be a 'might be forged' notation).

And rest assured, if you had tried to claim the same domain address on the
MAIL FROM, Claus's servers would have told you exactly what you could do with 
it.

Attachment: pgp4Cp9Ne5k7N.pgp
Description: PGP signature

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Bounce/System Notification Address Verification, Valdis . Kletnieks
Next by Date:  Re: spamops-04, Bruce Lilly
Previous by Thread:  Re: Strict RFC x821 Compliant: HELO/EHLO, Hector Santos
Next by Thread:  Strict RFC x821 Compliance: HELO/EHLO, Hector Santos
Indexes:  [Date] [Thread] [Top] [All Lists]