Re: [Exim] Viruses, and HELOs without dots

On Mon, 2004-08-02 at 15:03 -0400, Walt Reed wrote:
> On Mon, Aug 02, 2004 at 06:28:19PM +0100, Alan J. Flavell said:
> > On Mon, 2 Aug 2004, Hochstrasser Benedikt wrote:
> >
> > >What I like even more is MAIL FROM == RCPT TO...
> >
> > I'm sorry if I seem overly argumentative today, but we've just had
> > four of those, which - as far as the user was concerned - were bona
> > fide mails, whatever we admins might have thought.
>
> Forged envelope senders is never legit.

this is not a forgery.

> That kind of thing will break at
> every site that uses SPF, and is totally incompatible with many other
> anti-spam configurations and proposals as well. "From:" forging is much
> different that MAIL FROM forging. One has a legit uses, the other does
> not.

many people would say it is SPF which is broken.

> > She visited a real-estate web site, liked the look of four of the
> > properties, and asked it to email the details to her. Which it duly
> > did, in four successive emails: putting her own address as envelope
> > sender, as well as recipient.
>
> Sorry, but sites that accept mail from this kind of site perpetuate this
> behavior. How the heck are we supposed to deal with spam if "legit"
> sites are behaving just as bad as spammers? The content may well be
> "legit" but the transport is not.

why not?

> It's quite likely that the web site didn't want to deal with bounced
> mails. This is not the way to do it.

what do you propose, then? I believe using <> as the sender is wrong
for original messages, it should only be used for automatic replies.
setting up a <devnull@???> only wastes resources.

> Persoanlly, I would have rejected the mail, and when the customer
> complained about not getting this bogus mail, whitelist and inform the
> sender that they have 30 days to fix their email system before further
> mail is rejected for non-compliance.

do you mind telling us which RFC this doesn't comply with?

--
Kjetil T.