On Sep 24, Dave C. wrote:
> On Mon, 23 Sep 2002, Mike Meredith wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On Monday 23 September 2002 15:03, Greg Ward wrote:
> > > On 23 September 2002, Mike Meredith said:
> > > > to block mails with "<>" as the sender address *and* multiple
> > > > recipients. The reason for this being the occasional mail
> > > > virus/worm that uses this sender address.
> > >
> > > Ooh, clever idea! Not sure what the RFCs say about this, but my
> > > intuition tells me that <> with multiple RCPTs is bogus.
> >
> > RFC2505 2.6.1 specifically says that you MUST NOT block "<>" with
> > multiple recipients because there are sometimes occasions when a bounce
> > should go to multiple recipients (it mentions list aliases).
> >
> > As I'm pretty sure I don't have senders with multiple recipients, it's
> > tempting to ignore that bit of the RFC (did I really say that?) and go
> > ahead.
>
> Uhm, an bounce should only go to the (single) sender/return path of an
> original message. If your server ends up aliasing that internally to
> more than one recipient, then that will have already passed that test.
>
> I would say it was safe to reject such crap.
Just my own anecdotal 2p on this:
Some time ago I suffered badly with such spam (in a way, I'm surprised
more spam isn't sent with a null sender as of course it's then
impossible to block it on the sender) on a qmail system. There's no
direct way of configuring this in qmail, so I altered qmail-smtpd to
reject such mail with "551 Multiple recipients denied with null envelope
sender" - and in about two years saw no examples of legitimate mail
rejected by it.
Regards,
Mark
--
| Mark Hynes mark.hynes@??? |
| Systems Developer http://www.uk.easynet.net/ |
| Easynet Ltd -- a part of Easynet Group plc |