Re: [exim] How to not reply to bad mail

Author: W B Hacker
Date:  
To: Chris Siebenmann, exim users
Subject: Re: [exim] How to not reply to bad mail
Chris Siebenmann wrote:
> You write:
> | > Is there an RFC specifying that you need a static IP and DNS entries
> | > --- or the other way round, is there an RFC specifying that receiving
> | > hosts can/should/must require sending hosts to have them?
> |
> | ..and to HELO with a FQDN [2], while we are on the subject..
> |
> | Only since the original RFC 822
> |
> | Much has changed, those 'basics' have not.
> |
> | WinZombies can almost NEVER satisfy any part of that, let alone the
> | whole lot, so there's your first, cheapest, and most effective tool
> | against spam and WinCrobes.
> [...]
> | At the end of the day, it is we (mailadmins) who created the spam
> | environment FOR the zombie farmers.
> |
> | What we did was tell ourselves 'be generous in what you accept'.
> |
> | Dunno WHY we did that when we surely would not have eaten s**t served as
> | steak just to 'be polite'.
>
> It is worth noting that the usefulness of such measures is a temporary
> situation created exactly by the laxness of mailers.


'Temporary' has been over ten years now....

> In much the same
> way that spammers once used invalid MAIL FROM domains and now almost
> never do so because MTAs started checking those, the only reason that
> spammers don't bother to use valid EHLO/HELOs and don't send only from
> machines with valid reverse DNS is that not very many MTAs care.


Forging a HELO is easy. Forging it to match a DNS entry is not hard.
Forging your connecting IP to match *that* is several orders of
magnitude harder, given modern switching and routing technology.

They don't send from 'valid' because they do not control, and dare not
be associated with control of, 'valid' anything.

> If a
> significant number of MTAs started caring, so would the spammers, and
> all your spam would suddenly pass EHLO/HELO checks and so on.
>


No, it would NOT. It is beyond their 'effective' reach.

> (Or in short: spammers are lazy, not stupid.)
>


The majority being criminal gangs, NOT merely overzealous travel
agencies et al, they also have to *hide* and keep on moving about.

The stolen resources they use in infected WinBoxen zombie-farms cannot
get fixed-IP and proper DNS entries by means of mere clever code.

There have to be registered relays or such *somewhere* if there are to
be 'proper' rDNS and HELO FQDN that match the connected IP.

No sooner do they make themselves 'visible' in that way than they are
outed, RBL'ed, back-tracked, cut-off by their colloc/upstream and/or
chased by prosecutors. They cannot survive w/o their pools of millions
of nameless zombies.

Or in short: *mailadmins* are lazy, AND stupid (to not enforce these
simple and hard-to-forge 'zombie-killer' tests).

> The direct corollary of this is that a whole lot of non-spammer things
> *also* don't get these right, because next to nothing cares about them.
>
> ---


That is true. And would ALSO get rapid correction if/as/when more of
the recipient MTA started to enforce the rules.

Bill
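The three tests argued for in this exchange (forward-confirmed rDNS on the connecting IP, a fully qualified HELO/EHLO name, and that name agreeing with the connecting IP) expressed as an Exim 4 RCPT-time ACL. This is an added example, not code from either poster. It assumes the main configuration has `acl_smtp_rcpt = acl_check_rcpt` and defines the `relay_from_hosts` hostlist and `local_domains` domainlist, as the default configuration shipped with Exim does.

```exim
# Added example (not from this thread): RCPT-time ACL applying the
# "zombie-killer" tests discussed above. Assumes acl_smtp_rcpt =
# acl_check_rcpt, plus the relay_from_hosts and local_domains lists from
# the default Exim configuration.
acl_check_rcpt:

  # Local and authenticated clients are exempt; the tests below are for
  # unauthenticated hosts delivering from the Internet.
  accept  hosts = +relay_from_hosts
  accept  authenticated = *

  # Test 1: the connecting IP must have reverse DNS, and the PTR name must
  # resolve forward to that same IP (forward-confirmed rDNS). On success
  # Exim sets $sender_host_name to the verified name.
  deny    message = $sender_host_address has no forward-confirmed reverse DNS
          !verify = reverse_host_lookup

  # Test 2: HELO/EHLO must be a fully qualified hostname. Reject a bare
  # label (no dot at all) or an address literal such as [192.0.2.1].
  deny    message = HELO/EHLO "$sender_helo_name" is not a fully qualified hostname
          condition = ${if or{{match{$sender_helo_name}{\N^[^.]+$\N}}{match{$sender_helo_name}{\N^\[\N}}}}

  # Test 3: the HELO/EHLO name must resolve to the connecting IP, or be
  # identical to that IP's verified reverse-DNS name (what "verify = helo"
  # checks).
  deny    message = HELO/EHLO "$sender_helo_name" does not match $sender_host_address
          !verify = helo

  # Record hosts that passed, then fall through to the normal recipient checks.
  warn    logwrite = rDNS/HELO checks passed: $sender_host_address ($sender_host_name) helo=$sender_helo_name

  # Accept mail for our own domains only if the recipient exists;
  # everything else is relaying and is refused.
  accept  domains = +local_domains
          endpass
          verify = recipient

  deny    message = relay not permitted
```

Each `deny` carries its own `message` so the rejecting reason appears in both the SMTP response and the reject log, which makes it straightforward to measure what each test is catching before relying on it. As the end of the thread concedes, a good deal of non-spam mail currently fails tests 2 and 3 as well; a common way to gauge that cost on a real mail stream is to run the HELO test as a `warn` verb that only logs (or adds a header) for a while, and switch it to `deny` once the reject log shows what would have been refused.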