[ On Thursday, October 14, 2004 at 17:24:44 (-0700), Tor Slettnes wrote: ]
> Subject: Re: [exim] Is there and logical reason to reject mail from: <> ?
>
> You keep missing the point. It is not about the original spam; the
> issue is the "backscatter" (a.k.a. collateral spam) generated by
> post-SMTP spam/virus filters elsewhere. These send a DSN to the
> original sender address (in some cases, that could be
> "postmaster@???").

It doesn't really matter if it's backscatter or not.

There is still no _valid_ excuse for rejecting mail transactions
addressed to the/any postmaster mailbox _just_ because they use a null
return path.

I, the <postmaster@???>, never send mail using those addresses
in the return path of outgoing mail either.

However I never block any mail with a null return path _just_ because it
has a null return path, no matter who it is addressed to.

On the other hand I will block connections, even those with messages to
<postmaster>, for other more important reasons. (I don't even let them
get to the point of giving the "RCPT TO:" command in most cases, but
there are even some simple content filters I often use to reject mail
even after I know it is addressed to the postmaster or abuse mailboxes.)

I.e. I'm not trying to be absolutist about this -- just to make the
point that this one reason isn't valid or sufficient on its own.

> According to "rfc-ignorant.org" it is
> (http://rfc-ignorant.org/policy-postmaster.php):

Yeah, well I'm not "rfc-ignorant.org". :-)

They can make their own rules, and their own mistakes.

> Not really. It is much harder to weed out collateral spam from
> legitimate DSNs.

I, the <postmaster@???>, receive a lot of backscatter to
postmaster mailboxes. I've got several domains being spoofed at this
minute.

However it's not very difficult at all to weed out the backscatter --
even when you receive hundreds per day as I do. You just need to learn
to use the right tool for the job. :-)

(What really irks me most is when the spammer spoofs my postmaster or
mailer-daemon address to one of my own users and then when I reject the
message for whatever reason, such as "no such user", I still end up
getting the damn bounce!)

I use some simple matching filters in my main mail reader, ViewMail, to
sort out the worst of it. It's all automatic and quite reliable.

> For "real" users, it can be done with "envelope sender signatures" -
> i.e. attach a hash or cryptographic letter sequence in the "MAIL FROM:"
> address of outgoing mail:
> MAIL FROM:<woods=signature@???>

That's just as bogus an idea as SPF is. :-)

> I don't get this. Sender Address Verification (in Exim terminology
> "Sender Callout Verification") never happens on NULL senders. These
> are automatically accepted (sans other checks).

It's the "other checks" I'm talking about. :-)

> Precisely. That's why it is perfectly OK to reject NULL senders for
> inbound-only addresses

yes, except,

> (like, usually, "postmaster").

no. <postmaster> is, and must be, "special".

--
Greg A. Woods
+1 416 218-0098 VE3TCP RoboHack <woods@???>
Planix, Inc. <woods@???> Secrets of the Weird <woods@???>
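
The "envelope sender signature" scheme quoted in the message above, sketched as an added example that is not part of the original thread or of Exim: outgoing mail carries a signed MAIL FROM, and a null-sender DSN is accepted only when its recipient address carries a valid, recent signature. The key, tag length, day-stamp format, example.org addresses and the postmaster/abuse exemption (which follows the reply's position) are assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"      # constructed key, for illustration only
TAG_LEN = 10                           # hex digits of the HMAC kept (assumption)
EXEMPT = {"postmaster", "abuse"}       # never signed, DSNs always accepted (assumption)


def _tag(local: str, domain: str, day: int) -> bytes:
    msg = f"{local}@{domain}:{day:03d}".lower().encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:TAG_LEN].encode()


def sign_sender(address: str, today: int) -> str:
    """Build the MAIL FROM address for outgoing mail: local=DDDtag@domain."""
    local, domain = address.rsplit("@", 1)
    day = today % 1000                 # 3-digit day stamp so signatures expire
    return f"{local}={day:03d}{_tag(local, domain, day).decode()}@{domain}"


def check_bounce(mail_from: str, rcpt_to: str, today: int, max_age: int = 7) -> str:
    """Classify one transaction as 'not-a-bounce', 'accept' or 'reject'."""
    if mail_from != "":
        return "not-a-bounce"          # only null-sender mail (DSNs) is checked
    local_part, _, domain = rcpt_to.rpartition("@")
    if local_part.lower() in EXEMPT:
        return "accept"
    local, sep, sig = local_part.rpartition("=")
    if not sep or len(sig) != 3 + TAG_LEN or not sig[:3].isdecimal():
        return "reject"                # DSN for an address we never sent from
    day = int(sig[:3])
    if (today - day) % 1000 > max_age:
        return "reject"                # signature too old (or dated in the future)
    ok = hmac.compare_digest(sig[3:].lower().encode(), _tag(local, domain, day))
    return "accept" if ok else "reject"
```

Here `today` is a day counter such as days since the epoch; a DSN sent to the plain, unsigned address is rejected because no outgoing mail ever used it as a return path.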