Re: [exim] Heads up?

Author: Marilyn Davis
Date:  
To: Marc Sherman
CC: exim-users
Subject: Re: [exim] Heads up?
On Wed, 23 Mar 2005, Marc Sherman wrote:

> Marilyn Davis wrote:
> >
> > Thank you! Ok, I'm finished with spf.
> >
> > I have one more question, if anyone still has the patience to answer me.
> >
> > If the challenge to a spoofed message is sent at SMTP time in the
> > acl_smtp_data, doesn't the challenge go to the spoofer and not become
> > collateral spam?
>
> No. The challenge is sent as a separate email to the return path
> (envelope from), not as an SMTP rejection. That challenge mail will go


Thank you. But that's not quite my question. You say "The challenge
*is* sent ..." I think you mean that that's how the current C/R
systems work. I agree that the ones I've experienced are faulty.

I'm talking hypothetically here, trying to wrap my mind around the
possibilities.

*If* the challenge was sent back at smtp time in the acl_smtp_data,
wouldn't that be an improvement?

> to the same address regardless of when it is sent. There are three
> possibilities here:
> 1) Bogus return address: the challenge gets rejected at SMTP time, the
> original message is blackholed, no-one is annoyed. This is the same way
> that sender callout verification works.


Or the header_sender verification is even closer. But my
understanding is that this cannot check the local_part?

> 2) Valid return address on real mail: the original sender gets the
> challenge, and is annoyed.
>     2a) The original sender answers the challenge, and the recipient
>         gets the original mail.
>     2b) The original sender ignores the challenge, and the original mail
>         is blackholed.
> 3) Faked return address (joe job): Some innocent third party gets the
> challenge, and is annoyed.


Yes. This is the big problem. Is it not solved if the challenge is
sent at smtp time?

M.

>
> Cases 2 and 3 both suck, but case 2 is between the sender and the
> recipient; I don't really care much there. Case 3 is the real problem
> with c/r. I got joe-jobbed last year, and received a ton of bogus C/Rs.
> At the time, I just trained my spam filter (spambayes back then) to
> recognize them. I kind of wish I had that system filter I posted this
> morning to automatically approve delivery of all that spam, now.
>
> - Marc
>
>

