Re: [Exim] MyDoom filtering?

Author: James P. Roberts
Date:  
To: Chris Edwards, David Woodhouse
CC: Exim-users
Subject: Re: [Exim] MyDoom filtering?
----- Original Message -----
From: "Chris Edwards" <chris@???>
To: "David Woodhouse" <dwmw2@???>
Cc: "Exim-users" <exim-users@???>
Sent: Saturday, January 31, 2004 8:22 AM

<snip>
> ALSO, note that due to basic relay restrictions, the relaying MTA here is
> not an innocent party for another reason - it *must* be the smarthost of
> the ISP providing network service to the infected PC.

<snip>

I don't follow the *must* statement here?

There are any number of legitimate forward-only services out there, which are
*not* necessarily anyone's ISP, which will forward such things to our servers,
and therefore actually *are* innocent third parties. They are simply acting
as reliable pipes in the middle of the transport path.

As an example, should anyone send a bounce to my school address, my school
will dutifully forward it to my real account, as agreed. That account
*should* never see a bounce; anything, addressed as *coming* from that
address, was not sent by me. The school cannot know this, however, since they
do provide a web-based method of sending such email. Personally, if I ever
got one, I would know, due to my special circumstances, that it had to be due
to someone spoofing my school address. But the 3rd party forwarder (my school
in this example) cannot know this.

Unless they have some remarkable ability to track every email they send; and,
for every bounce that comes in, compare to their "sent" database, and reject
if there is no match. And the sending host is probably not the same as the
receiving host, so it has to be a remote-accessible database. Wow. Maybe I
should suggest this to them if it ever gets to be a problem. ;)

Jim Roberts
Punster Productions, Inc.
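
The bounce check sketched in the last paragraph of the message above (record every message sent, then reject any bounce that matches nothing in the "sent" database), as an added example that is not part of the original message. `SentLog`, `check_bounce`, `make_bounce`, the SQLite table and the example.edu/example.net addresses are all hypothetical names chosen for illustration.

```python
import sqlite3
from email import message_from_string, policy

class SentLog:
    """Message-IDs of mail this site really sent (hypothetical schema)."""
    def __init__(self, path=":memory:"):
        # Assumption: a real deployment needs a database that both the
        # outbound and the inbound hosts can reach, as the post notes.
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS sent (msgid TEXT PRIMARY KEY)")

    def record_sent(self, msgid):
        self.db.execute("INSERT OR IGNORE INTO sent VALUES (?)", (msgid.strip(),))

    def was_sent(self, msgid):
        q = "SELECT 1 FROM sent WHERE msgid = ?"
        return self.db.execute(q, (msgid.strip(),)).fetchone() is not None

def original_message_id(raw):
    """Message-ID of the message a bounce claims to report on, or None."""
    bounce = message_from_string(raw, policy=policy.default)
    for part in bounce.walk():
        if part is bounce:
            continue  # the bounce's own Message-ID proves nothing
        if part.get_content_type() == "text/rfc822-headers":
            part = message_from_string(part.get_content(), policy=policy.default)
        if part["Message-ID"]:
            return str(part["Message-ID"]).strip()
    return None

def check_bounce(log, envelope_from, raw):
    """Reject a bounce unless it refers to a message recorded as sent."""
    if envelope_from not in ("", "<>"):
        return "accept"  # only null-sender mail is treated as a bounce
    msgid = original_message_id(raw)
    return "accept" if msgid and log.was_sent(msgid) else "reject"

def make_bounce(msgid):
    """Constructed sample bounce (not real traffic) with returned headers."""
    return (
        "From: MAILER-DAEMON@mx.example.net\nSubject: Mail delivery failed\n"
        'MIME-Version: 1.0\nContent-Type: multipart/report; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nDelivery failed.\n"
        "--b1\nContent-Type: text/rfc822-headers\n\n"
        f"Message-ID: {msgid}\nFrom: student@school.example.edu\n\n--b1--\n"
    )
```

A bounce that returns none of the original headers has nothing to match and is rejected by this sketch, so a site using the approach would need its own policy for such bounces.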