ietf-smtp
[Top] [All Lists]

Re: RFC 5321bis / 2821ter

2009-01-28 07:12:03

Alessandro Vesely wrote:

Paul Smith wrote:
A bot could use:
EHLO fhbdfhbeng.spammer.com

where fhbdfhbeng.spammer.com resolves to the IP address of the bot. The
spammer can trivially set up a virtual DNS zone with all valid IP
addresses in it, and the bot just chooses the appropriate one.

Uh, I may be dumb but I finally got it...

I guess that by "virtual DNS zone" you mean something where "fhbdfhbe"
is the hex IP address of the bot (possibly obtained via traceroute
from behind a NAT) and "ng" the bot version or whatever additional
info is necessary for virtualizing the zone.
Well, "fhbdfhbeng" was actually an impression of my cat walking on the
keyboard (rather than with any deeper significance), but apart from
that, yes. The actual IP -> host name encoding could be anything (making
it harder to spot this trick automatically).
Exactly, so how does having a 'correct' EHLO parameter help?

I can see that having an incorrect one can be used to block mail, IF
(and this is a big 'if') you can be sure that legitimate senders set up
things correctly. However, if this becomes a standard check, then it is
trivial for a spammer to get around it. And, all that has achieved is
another useless check, which makes life harder for the good guys.

Hm... it is useless to install an armored door in a shutterless house,
and it is also useless to install security shutters since the door
cannot be locked. Does that analogy fit the status quo?
Sort of, but any EHLO validation is really more like a door with 32
locks, all of whose keys are hanging from a string by the door. It's a
pain for the legitimate person to get in, and a determined burglar could
get in without that much difficulty as well.

Having a normal door, and having basic locks on the windows would be a
better start than having a complex armoured door and leaving the windows
open.

IMHO, if we start designing an armored door, perhaps by the time it
will be installed those shutters will be underway. I still like VHLO.

Not sure what VHLO is, I tried googling for it, and came up with 'Video
Heat Online', which might well be very likeable, but I'm not sure it's
what you meant...

Assuming it's some form of a (decently) 'verifiable helo' then, yes,
that would be better, but you have the backwards compatibility issue,
where bad people just won't use it and will pretend they're using an
SMTP sender from the 1980's. I actually don't have an issue with
breaking backwards compatibility, as long as we get something worthwhile
from it. I just don't think checking EHLO parameters is a good enough
reason.

(I actually think IPv6 mail would be a natural point to break backwards
compatibility and solve a lot of the problems with SMTP, but we've had
that argument on this list before and got nowhere..)



-- 
Paul Smith

VPOP3 - POP3/SMTP/IMAP4/Webmail Email server for Windows

<Prev in Thread] Current Thread [Next in Thread>