
[cobalt-users] Re: SMTP hole maybe - any ideas



At 12:24 PM -0400 6/4/03, B3K.net - Webmaster is rumored to have typed:

> I know this is how it's supposed to work (delivery side) but it does allow
> people with dynamic IP connections to send mail to
> domains on our servers without fear of being blocked or banned.

   Well yeah, sure does; that's how it was designed. You need to use one of
the blocking lists (look at http://relays.osirusoft.com/ for various
dynamic-IP block RBLs you might consider), and even they won't block every
direct-to-MX spammer. (Even so, it beats the idea of using procmail as a spam
blocker - that isn't what it was designed to do, and you've immediately noted
one of the many flaws in that idea. The RBLs will allow you to at least shut
down some direct-to-MX connections at the sendmail level instead of waiting
until the mail is delivered to your server and _then_ trying to cope with it.)

> The problem is, to stop
> it would mean some form of pre smtp auth.

   No, the problem is to "stop it" requires auth as an integral part of the
SMTP specs, something that was never designed into the system. Welcome to
catching up to the main problem in email transport that many of us have been
dealing with for way over a decade...in the good-old-days, it was assumed
that since everyone had an SMTP server to send email through, there wouldn't
be any reason for anyone to send mail through anyone else's, and so there was
no reason to authenticate _sending_ mail, only _receiving_ it. And it was
just plain silly to think that anyone would attempt to _hide_ where they were
sending mail from; I mean, why in the world would anyone want to do such a
thing? Turned out to be a _major_ blunder, but back then, who knew?

   The only _real_ solution is the universal replacement of Simple Mail
Transfer Protocol with a new protocol (CMTP?) which includes auth in the
specs from the beginning. And that ain't gonna happen because of the inertia
and legacy, so forget all about it and move on, dealing with the flawed
system we have the best you can. (All of the other possible solutions are
even more kludgy and have even _less_ chance of being universally accepted.)

   But please understand that the realization you have come to suddenly is
NOT a new thing by any stretch...it's been a problem ever since shortly after
the USENET C&S green-card scam showed the spammer scum how easy it was to
blanket the Net with crap. Start reading net.admin.net-abuse.email and you'll
find many _practical_ steps you can take, instead of just wishing that things
were different.

         Charlie
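
The connect-time RBL check recommended in the message above, as an added example that is not part of the original post or of sendmail: it builds the DNSBL query name for a connecting IPv4 client and turns the answer into an accept or reject decision before any mail is delivered. The zone `dnsbl.example.org`, the function names, the sample answers and the reply strings are assumptions made up for the illustration.

```python
import ipaddress
import socket

ZONE = "dnsbl.example.org"  # constructed zone; use the list you subscribe to
LISTING_NET = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_query_name(client_ip, zone=ZONE):
    """Build the lookup name: IPv4 octets reversed, then the list's zone."""
    ip = ipaddress.IPv4Address(client_ip)  # raises ValueError on bad input
    return ".".join(reversed(str(ip).split("."))) + "." + zone

def system_resolver(name):
    """Return the A records for name via the system resolver."""
    return socket.gethostbyname_ex(name)[2]

def check_client(client_ip, resolve=system_resolver, zone=ZONE):
    """Decide at connect time, before any message data is accepted."""
    name = dnsbl_query_name(client_ip, zone)
    try:
        answers = resolve(name)
    except OSError:
        # NXDOMAIN means "not listed"; a timeout also lands here, so the
        # check fails open instead of bouncing legitimate mail.
        answers = []
    # Only answers inside 127.0.0.0/8 are listing codes. Anything else
    # (for example a parked zone resolving to a public address) is ignored.
    codes = [a for a in answers if ipaddress.IPv4Address(a) in LISTING_NET]
    if codes:
        return (False, "550 5.7.1 %s listed in %s (%s)"
                % (client_ip, zone, codes[0]))
    return (True, "220 ready")

# Constructed sample answers so the example runs offline.
SAMPLE_ZONE = {
    "7.113.0.203.dnsbl.example.org": ["127.0.0.3"],    # listed client
    "9.100.51.198.dnsbl.example.org": ["192.0.2.80"],  # bogus non-127 answer
}

def sample_resolver(name):
    return SAMPLE_ZONE.get(name, [])

if __name__ == "__main__":
    for ip in ("203.0.113.7", "198.51.100.9", "192.0.2.1"):
        print(ip, check_client(ip, resolve=sample_resolver))
```

As the message notes, a list like this only catches the direct-to-MX senders it knows about; a client that is not listed is accepted as before.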