Hi Peter, on Fri, 2 Apr 2004 17:44:31 +0100 you wrote:
> > So you'll presumably have no difficulty telling us (and prefereably
> > also a large number of other Exchange administrators) how to reject
> > unwanted mail at SMTP time, rather than initially accepting it and
> > then bouncing it to faked envelope-sender addresses?
> Install Exchange 2003 (as has already been mentioned in this thread)
I discovered this amazing new feature the other day too. Presumably,
finally bringing his own product lines into the dizzy 1980's era is a key
part of Bill's Big Plan To Kill All Spam In The Next 2 Years ;) However, I
am informed by a Windows admin whose word I take on trust that this option
is in fact disabled by default, thus rendering it largely useless given
that based on my experience to date, a significant number of Exchange
admins would struggle to spell SMTP (STMP? SPMT?) let alone understand the
significance of such a setting, or change it from its default. (No offence
to the Exchange admins who do actually know what they are doing; I know
you exist but unfortunately you become the butt of jokes due to the
apparent ignorance and/or arrogance of many/most users sharing your choice
of software).
Nevertheless, the fact that the option exists is definitely worthy of note
to long-suffering admins of other systems who wish to, ahem, "re-educate"
Exchange admins who spam them with bogus DSNs. Anyone who can tell me
about how to do the equivalent with qmail (if it is indeed possible, which
I understand it probably isn't without patching) shall receive my thanks,
given the fact that qmail also shares this unhealthy aversion to rejecting
at SMTP time and instead auto-spamming anyone unlucky enough to have their
address forged by a virus/spammer.
I'm not going to add any more FUD to this thread, but it's worth reviewing
the following article, written by an MS Exchange product unit manager,
discussing this precise topic. Whilst it is useful as a reference (for
people like me to send to Exchange admins who spam me) on how to make
Exchange (2003) work sanely, and explains/makes excuses for why Exchange
has not formerly done RCPT-time checking, the most interesting point to me
is that that not once in the article does the author indicate he has any
inkling of the abuse problems caused by failing to reject at SMTP time,
instead referring exclusively to performance and integration issues.
Rightly or wrongly, this tends to reinforce my personal perception that
many people deeply involved with writing networked applications (not
limited to MS, by the way, though they are a primary culprit) either
really don't appreciate the implications (often serious in their impact on
others) of what they are doing, or have their priorities upside down.
Whilst many of them are undoubtedly skilled programmers, if only they
could temper their keenness to fire up MS Visual Studio and start hacking
with a modicum of the diligence and deference shown by people like Philip
Hazel...
http://blogs.gotdotnet.com/dlemson/PermaLink.aspx/f8b0ed0a-b586-40a1-ad1b-15e8a7c95dda
Tim