Re: [Exim] Re: unexpected disconnection

Author: Wakko Warner
Date:  
To: patrick-d-1056882115.7d84ba
CC: exim-users
Subject: Re: [Exim] Re: unexpected disconnection
> Why should a statement like that worry me? It's not so much whether your
> server may or may not be 100% RFC compliant (if you're not then you are
> in good company, most servers in the world most likely aren't) but it's
> the fact that you are managing a public mail server and you are stating
> that you don't care about the standards which are meant to facilitate the
> interchange of data worldwide. And when I say public I am meaning public
> in the sense that the front door of your house is "public", not public as
> in "public house" :-)


It might be public in the sense that anyone can connect (er, as long as I
didn't blacklist the IP), but as far as its usage, it isn't public. It's
for sending email to me, not to everyone on the internet.

RFCs mandate a working postmaster address. If you've been blacklisted,
there's no working address period.

> When you make a statement like that don't you see you are putting
> yourself in the same basket as those you are (rightly) condemning - above
> the "standards" which are attempting to govern the interchange of data on
> a *public* infrastructure. It's a "slippery slope..." to quote someone
> who works hard to provide a tool that follows those standards - a tool
> which we all enjoy.


If you're not blacklisted and you are rfc compliant, you won't notice what
I've set my system up as. Everything works.

> I, like you, really don't like what spammers are doing to global email,
> but tell me - which parts of the RFC's are you going to throw out? and
> where will you stop? and what happens when someone else ignores some part
> of the RFC's that you may rely on? Well... it's his _right_ isn't it??


RFCs mandate a working postmaster address and also mandate that HELO
must not be refused because of content.

The RFC about HELO is a problem I have run into. I have noticed tons of
spam uses fake HELO addresses (hotmail.com, msn.com, microsoft.com, aol.com,
compuserve.com, and your IP address). Am I going to allow this? Something
so easy to block. Well, no, I'm not allowing it. Now, if you *ARE* using
aol.com and an helo of aol.com happens, yes, it'll work. If you're using
mindspring for instance and you helo as aol.com, no, I will not allow it. To
me, that's not the right way (and unless I read the rfc wrong, you're
supposed to HELO of your system's name, not someone else's). These kinds I
just drop. If they *WANT* to email postmaster, they'll have to HELO as
something else.

If you're blacklisted, of course, you can't mail postmaster because you
can't connect. A host that's persistent gets dropped into the firewall
rules. If they *WANT* to email postmaster, they can use something else, but
generally, they won't because it's too much trouble for them, and I'm likely
not going to believe that.

One last thing I check for is very similar to the HELO checking I do above,
except it's for email addresses. yahoo, hotmail, aol and msn are checked.
These are usually forged or legitimate email addresses spammers are using.
But well, if you are using yahoo's web interface and do come from yahoo, I
have no problem. If they *WANT* to email postmaster, they'll have to use
yahoo's facilities. I do a similar check at work, but mail is not blocked,
just copied to me. I did that because I know the people we deal with at
work may not use aol to send a message and have an aol address. It has,
however trapped several spams that did come in.

> No, fortunately, it is not his right.


IMO, your server, your rules. That's probably why the ACLs replaced the
policy in Exim3 when Exim4 came out. Could also be why Phil added the MAIL
and connect acls between exim 4.10 and 4.14.

> > I didn't realize how much spam came from korea.
>
> You mean 'bounces off' Korea don't you? On its way out from the US.


Yes. When I said comes from korea, I meant comes from a korean IP (relayed,
or whatever).

I know someone else on this list blocks not only korea, but also taiwan. I
haven't blocked taiwan yet, but I might. Well, wait, that might not be RFC
compliant either.

Everything I've stated is the only parts I have 'broken'. As I see it,
spammers don't care about the RFCs and just blast (I'm not saying all
spammers do this) the message and leave. If I didn't do the above, more
likely, there'll be more in my logs that I have to deal with. I'm not
willing to deal with this. If they're persistent, the log entries are the
same and it's not as difficult to deal with.

This is why I said I wasn't fully compliant. The RFCs apparently didn't
take spammers into consideration whereas I do.

Lab tests show that use of micro$oft causes cancer in lab animals
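
The HELO and sender-address checks described in the message above, sketched in Python as an added example; this is not part of the original message and not Exim configuration. The function names, the `mode` switch and the constructed hostnames are assumptions, and `client_rdns` is assumed to be a forward-confirmed reverse DNS name supplied by the caller.

```python
import ipaddress

# Domains the message names as commonly forged.
HELO_GUARDED = {"hotmail.com", "msn.com", "microsoft.com", "aol.com", "compuserve.com"}
SENDER_GUARDED = {"yahoo.com", "hotmail.com", "aol.com", "msn.com"}

def in_domain(host, domain):
    """True if host equals domain or is a subdomain of it (case-insensitive)."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def guarded_match(name, guarded):
    """Return the guarded domain that name falls under, or None."""
    return next((d for d in guarded if in_domain(name, d)), None)

def is_own_ip(helo, server_ip):
    """HELO given as our own IPv4 address, bare or as an [address literal]."""
    try:
        return ipaddress.ip_address(helo.strip("[]")) == ipaddress.ip_address(server_ip)
    except ValueError:
        return False  # not an address at all, so an ordinary host name

def check_helo(helo, client_rdns, server_ip):
    """Drop a HELO that claims our own IP, or a guarded domain the peer is not in."""
    if is_own_ip(helo, server_ip):
        return "drop"
    d = guarded_match(helo, HELO_GUARDED)
    if d and not (client_rdns and in_domain(client_rdns, d)):
        return "drop"
    return "accept"

def check_sender(mail_from, client_rdns, mode="reject"):
    """mode='reject' mirrors the home setup, mode='copy' the work setup (accept, copy to admin)."""
    domain = mail_from.rsplit("@", 1)[-1]  # empty for a null (bounce) sender
    d = guarded_match(domain, SENDER_GUARDED)
    if d and not (client_rdns and in_domain(client_rdns, d)):
        return mode
    return "accept"

if __name__ == "__main__":
    # Constructed peers; 192.0.2.25 stands in for the server's own address.
    print(check_helo("aol.com", "dialup-1.mindspring.com", "192.0.2.25"))
    print(check_helo("aol.com", "imo-m01.mx.aol.com", "192.0.2.25"))
    print(check_sender("user@yahoo.com", "host.example.net", mode="copy"))
```

A peer with no verified reverse DNS fails both guarded-domain checks, so legitimate provider hosts with missing or mismatched PTR records would be dropped too.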