From owner-freebsd-hackers Fri May 2 22:47:48 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id WAA13954 for hackers-outgoing; Fri, 2 May 1997 22:47:48 -0700 (PDT) Received: from panda.hilink.com.au (panda.hilink.com.au [203.2.144.5]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id WAA13949 for ; Fri, 2 May 1997 22:47:44 -0700 (PDT) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.7.3) id PAA06372; Sat, 3 May 1997 15:48:11 +1000 (EST) Date: Sat, 3 May 1997 15:48:10 +1000 (EST) From: "Daniel O'Callaghan" To: "Jeffrey J. Mountin" cc: FreeBSD-Hackers@FreeBSD.ORG Subject: Re: SPAM target In-Reply-To: <3.0.32.19970503001034.00bde1cc@mixcom.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-hackers@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Sat, 3 May 1997, Jeffrey J. Mountin wrote: > Sendmail should not accept messages that have a blank 'MAIL From:' and we > will not accept this, missing "@" or missing "." (first checks) and then > goes on to see if there is a valid TLD after the rightmost "." etc and this > would block a very large portion of junk mail. Only until the rats learn the new maze - all they have to do there is to give a real domain with a fake user. e.g. nobody@lon3.melbourne.telstra.net. So then you teach sendmail to attempt to verify the user in the From: MAIL FROM: {hang on a tick, connect hilink.com.au, HELO, MAIL FROM: , RCPT TO: , 250 RCPT OK, QUIT} Now, what were you saying... So then they take the first bunny in the list of spam addresses and make him the apparent sender. :-( The only real solution is the removal of SMTP and a new MTP which requires everyone in the world to have a signing certificate from a recognised CA. Danny