Re: [exim] Heads up?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Fred Viles at <-
MMSteve Lamb at ->
Delete this message
Reply to this message
Author: Marilyn Davis
Date:  
To: Marc Sherman
CC: exim-users
Subject: Re: [exim] Heads up?
On Wed, 23 Mar 2005, Marc Sherman wrote:

> Marilyn Davis wrote:
> >
> > Thank you! Ok, I'm finished with spf.
> >
> > I have one more question, if anyone still has the patience to answer me.
> >
> > If the challenge to a spoofed message is sent at SMTP time in the
> > acl_smtp_data, doesn't the challenge go to the spoofer and not become
> > collateral spam?
>
> No. The challenge is sent as a separate email to the return path
> (envelope from), not as an SMTP rejection. That challenge mail will go

Thank you. But that's not quite my question. You say "The challenge
*is* sent ..." I think you mean that that's how the current C/R
systems work. I agree that the ones I've experienced are faulty.

I'm talking hypothetically here, trying to wrap my mind around the
possibilities.

*If* the challenge was sent back at smtp time in the acl_smtp_data,
wouldn't that be an improvement?

> to the same address regardless of when it is sent. There are three
> possibilities here:
> 1) Bogus return address: the challenge gets rejected at SMTP time, the
> original message is blackholed, no-one is annoyed. This is the same way
> that sender callout verification works.

Or the header_sender verification is even closer. But my
understanding is that this cannot check the local_part? 

> 2) Valid return address on real mail: the original sender gets the 
> challenge, and is annoyed.
>     2a) The original sender answers the challenge, and the recipient 
> gets the original mail.
>     2b) The original sender ignores the challenge, and the original mail 
> is blackholed.
> 3) Faked return address (joe job): Some innocent third party gets the 
> challenge, and is annoyed.

Yes. This is the big problem. Is it not solved if the challenge is
sent at smtp time?

M.

>
> Cases 2 and 3 both suck, but case 2 is between the sender and the
> recipient; I don't really care much there. Case 3 is the real problem
> with c/r. I got joe-jobbed last year, and received a ton of bogus C/Rs.
> At the time, I just trained my spam filter (spambayes back then) to
> recognize them. I kind of wish I had that system filter I posted this
> morning to automatically approve delivery of all that spam, now.
>
> - Marc
>
>

--



This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] DNSBLsRe: [exim] Heads up?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)