Auteur: Giuliano Gavazzi Date: À: Suresh Ramasubramanian CC: Rossz Vamos-Wentworth, exim-users Sujet: Re: [Exim] blocking fake yahoo and hotmail
At 6:29 am -0500 2003/11/21, Suresh Ramasubramanian wrote: >Giuliano Gavazzi writes on 11/21/2003 3:12 AM:
>
>>2) more importantly, one can set his return address to a valid
>>yahoo/hotmail address but use his own ISP SMTP server to send mail.
>>You would reject these messages. This is not too common, but how
>>uncommon is it?
>
>That is not a problem. Where your approach fails is .forwards where your user
may I point out that "your" here is not "mine" but "his"...
>has (say) a mail.com / bigfoot / shell account pointing to his
>account on your domain. Someone from hotmail mails him on that
>shell account.
yes, I forgot to mention this more common case. An equivalent problem
is not accepting incoming mail whose sender is local: it breaks on
forwarding in a very similar fashion.
>>A safer approach is, independently from the sender domain, check the
>>HELO argument, if it contains (yahoo|hotmail)\.com check the reverse
>>DNS, if the reverse does not contain the same string, defer it. Use
>
>If HELO yahoo.com comes from an IP with non yahoo rDNS, DENY - don't
>waste time deferring it.
>
the problem is, I have seen DNS giving no reverse (NXDOMAIN) instead
of either SERVFAIL or <whatever is the correct response for timeouts>.
In other words, when NXDOMAIN is returned, the reverse will be the
empty string, I think, and the test will fail, rejecting possibly
legitimate mail. If you defer you effectively make NXDOMAIN
equivalent to the other cases, and will accept the email when finally
the DNS behaves..
On the other hand I have seen not many spammer giving any notice to
SMTP error codes, of course I might be wrong here.