Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Avleen Vig
Date:  
À: Edgar Lovecraft
CC: exim-users
Sujet: Re: [Exim] Fixing SPF Forward Problem by Reply-to: Hack?
On Sun, Mar 21, 2004 at 10:43:13PM -0600, Edgar Lovecraft wrote:
> This is not true, the majority, or all Sat services require you to
> 'dial-up' for outbound content, they must still dial up somewhere, and at
> that somewhere there is a router, any ISP is going to have a router that is
> capable of blocking TCP port traffic, the same is true with Cable, DSL,
> wireless, and standard dial-up connection.  There will always be a 'router'
> at the 'connection point' to the rest of the world (internal to an ISP's
> network could be different, but that all depends on the ISP and how they
> have setup the internal network), as an example, my home ISP is Cox Cable,
> I do not have 'a direct connection to the Internet' as some believe, my
> Cable modem gets an IP address from a Cox DHCP server, and Cox has routers
> that take my traffic to the 'world at large'
> example partial trace to www.exim.org from my workstation:
> 1    17 ms     *       13 ms  ip68-102-96-1.ks.ok.cox.net [68.102.96.1]
> 2    18 ms     *       15 ms  ip68-103-127-1.ks.ok.cox.net [68.103.127.1]
> 3    20 ms    20 ms     *     68.12.13.29
> 4    25 ms     *       22 ms  mtc3bbrc02-pos0101.rd.ok.cox.net [68.1.0.108]
> 5    18 ms     *       35 ms  mtc3bbrc01-pos0100.rd.ok.cox.net [68.1.0.102]
> 6    26 ms     *       25 ms  dllsbbrc02-pos0103.rd.dl.cox.net [68.1.0.107]
> 7    26 ms    31 ms     *     unknown.Level3.net [209.246.136.33]
> As you can see, there are at least six devices under the direct control of
> Cox Communications that could be set to block any port they desire.  The
> same is true for any connection including 'piggy back' ISP's such as the
> AOL braodband type of connections.


Wrong. While you some of what you say is correct, when you get to the
"piggy-back" ISP stage everything falls apart. AOL, MSN, Earthlink, and
all the other cable piggy-backers pass through the *same* gear at the
Cable ISP. There is no way for the cable co's routers to know (AFAIK)
the Edgar is a Cox, Earthlink, MSN or AOL customer. When this is the
case, how does the router tell which SMTP server to allow access to?
Of course the best answer is shut off SMTP and force everyone to use
SMTP AUTH only. :-)

> AOL does use many other less publicized anti-spam measures that are good,
> just for example, not gauranteeing that they will accept email or
> connections from MTA servers that have NO rDNS. These are the types of
> things that they really should be marketing, not SPF as AOL may/may not
> care if they break someone's personal web page. But when they do, what is
> thier 'fix' for thier customer?
> That is another reason I prefer an approach to what I stated, at least the
> ISP's could say hey, you just cannot send on tcp port 25, but...


There are a lot of anti-spam measure that are having to take effect
because we didn't design SMTP right from the start (and that's no-one's
fault, we could never envision this), and we didn't fix it when we had
the chance.

As a result we're now putting fix on top of fix to work around the
multitude of problems (SPF, SpamAssassin, hash-cashing, etc etc). I
believe some of these should be *protocol* issues, not application
level.

But the fact is, we're here. We need to make the best of a bad
situation, and what EVER we choose, there will be people who are upset
with it. We need to agree that like there isn't one solution to the spam
problem, there isn't any solution that will make everyone happy. So this
will get decided one of two ways:
1) A few people get around a table, hash a solution out, which
everyone agrees to follow (no matter what it is)
2) or the majority will pick one solution, and if everyone wants their
mail to carry on working as it used to, they'll fall in line and a few
months later forget what the fuss was about.