spf-discuss

Re: [spf-discuss] Using CBV

2006-02-17 19:12:49

----- Original Message -----
From: "David Mazieres (no direct replies)" 
<dm-list-spf(_at_)scs(_dot_)stanford(_dot_)edu>

At the remote site:

 C: MAIL FROM:  <>
 S: 250 Ok
 C: RCPT TO:  <postmaster @ somedomain.com>
 S: 250 Ok

So it provides no feedback.

Of course it provides feedback!

But not at this level.  Only when you try to resolve the MX and try to
connect.  So you are correct from that standpoint and I agree.

We don't actually do this part but it's worth investigating.  I have to
confirm with our statistics but most of our rejects are on spoofed or bad
user parts, not domains.

Can you just give me an example, more specifically, of the second, open
relay CBV?  Suppose client with IP address A is sending mail to server
with IP address B.  The session begins:

A -> B:  EHLO A
B -> A:  220 whatever
A -> B:  MAIL FROM:<non-postmaster(_at_)some(_dot_)domain(_dot_)tld>
B -> A:  250 ok
A -> B:  RCPT TO:<non-postmaster(_at_)some-other(_dot_)domain(_dot_)tld>

Now you are saying that at this point you start 2 CBVs?

No, during the single and same CBV session to validate the return path, if
this passes, then another RCPT-TO: is issued.

Here is an old 2004 log entry I was able to quickly find:

09:32:00 cip        : 66.238.52.155
09:32:00 cdn        : mail.mr-ink.info
09:32:00 from       : <melia(_at_)mr-ink(_dot_)info>
09:32:00 rcpt       : <support(_at_)santronics(_dot_)com>
09:32:10 sapcbv     : total mx records: 4
09:32:10 try mx     : mail.mr-ink.info ip: 66.238.51.71
09:32:10 # connecting to 66.238.51.71
09:32:19 S: 220 mr-ink.info ESMTP (Code-Crafters Ability Mail Server 1.14)
09:32:19 C: NOOP WCSAP v1.52 Wildcat! Sender Authentication Protocol http://www.santronics.com
09:32:19 S: 503 Please say hello, don't be awful.
09:32:19 C: HELO mail.winserver.com
09:32:19 S: 250 mr-ink.info
09:32:19 C: MAIL FROM: <>
09:32:20 S: 250 <> OK.
09:32:20 C: RCPT TO: <melia(_at_)mr-ink(_dot_)info>
09:32:20 S: 250 <melia(_at_)mr-ink(_dot_)info> OK.
09:32:20 C: RCPT TO: <wcsap-openrelay-test-123sxa23(_at_)alqwejad(_dot_)com>
09:32:20 S: 250 <wcsap-openrelay-test-123sxa23(_at_)alqwejad(_dot_)com> OK.
09:32:20 * Warning! Rejecting Open Relay site: 66.238.51.71
09:32:20 C: QUIT
09:32:20 smtp code  : 552
09:32:20 reason     : Rejected by WCSAP CBV
09:32:20 wcsap finish (19703 msecs)


    C: NOOP WCSAP v2.07 Wildcat! Sender Authentication Protocol
       http://www.santronics.com

I think you should include the IP address of the client that caused
the probe, and the possibly forged Mail-From address.  Otherwise, you
may know that people are forging mail from you, but have no way of
identifying who is doing it.

Hasn't been an issue David.  But I will take it in for future consideration
:-)

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com
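
Added example, not part of the original message and not WCSAP code: a small classifier that reads a recorded callback session of the kind logged above and reproduces the decision described in the reply (return path checked first, then one extra RCPT TO at an unrelated domain in the same session). The verdict names, the function names and the sample transcript are assumptions made for illustration.

```python
import re

# Constructed transcript modelled on the log in the post; hosts are placeholders.
SAMPLE = """\
C: MAIL FROM: <>
S: 250 <> OK.
C: RCPT TO: <sender@example.net>
S: 250 <sender@example.net> OK.
C: RCPT TO: <openrelay-test-1a2b3c@unrelated.example.com>
S: 250 <openrelay-test-1a2b3c@unrelated.example.com> OK.
"""

LINE = re.compile(r"^(?:\d\d:\d\d:\d\d )?([CS]): (.*)$")  # optional log timestamp
FINAL = re.compile(r"^\d{3}(?: |$)")   # last line of a reply ("250-" continues)
ADDR = re.compile(r"<([^>]*)>")

def pair_replies(transcript):
    """Pair each client command with the code of the server reply that follows."""
    pairs, pending = [], None
    for raw in transcript.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                    # non-SMTP log lines (mx lookup, warnings)
        side, text = m.groups()
        if side == "C":
            pending = text
        elif pending is not None and FINAL.match(text):
            pairs.append((pending, int(text[:3])))
            pending = None
    return pairs

def classify(transcript, return_path):
    """Return a verdict for the callback session (verdict strings are hypothetical)."""
    want = return_path.lower()
    verdict = "inconclusive"
    for cmd, code in pair_replies(transcript):
        if cmd.upper().startswith("MAIL FROM") and code >= 400:
            return "inconclusive"       # null sender refused, nothing learned
        m = ADDR.search(cmd)
        if not cmd.upper().startswith("RCPT TO") or not m:
            continue
        addr = m.group(1).lower()
        if addr == want:
            if code >= 400:
                return "tempfail" if code < 500 else "reject-bad-return-path"
            verdict = "pass"
        elif addr.rpartition("@")[2] != want.rpartition("@")[2] and 200 <= code < 300:
            return "reject-open-relay"  # accepted mail for a domain it does not serve
    return verdict
```
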

