Date:      Wed, 15 Oct 1997 22:07:04 -0700 (MST)
From:      "Chad R. Larson" <chad@freebie.dcfinc.com>
To:        root@eyelab.psy.msu.edu (Gary Schrock)
Cc:        dkelly@hiwaay.net, freebsd-stable@FreeBSD.ORG
Subject:   Re: Anti-spam sendmail in 2.2.5?
Message-ID:  <199710160507.WAA01356@freebie.dcfinc.com>
In-Reply-To: <199710160146.VAA18412@eyelab.psy.msu.edu> from Gary Schrock at "Oct 15, 97 08:50:48 pm"

> >Is POP3 able to run bi-directionally with clients such as Eudora? I've not 
> >seen that option in my Eudora documentation. Maybe it's time to move on to 
> >IMAP?

Eudora can be configured to use some of the POP3 extensions (instead of
SMTP) to send mail.  If you set your systems up that way, you can have
APOP authentication on originated mail.

Unfortunately that doesn't help your backbone transport mechanism.

And there's another factor not yet discussed here.  If you follow the
RFCs (and you certainly =should= if you believe in interoperability) you
are required to allow pass-through mail.  Remember that the Internet was
designed to be resilient.  The ability to pass through mail, and to
source route it, and to send it "in care of" were all intended to
provide competent System Administrators ways to work around problems.
This, of course, was engineered when the Internet was a cooperative
effort, and deliberate abuse was rare.

The Internet Engineering Task Force is currently addressing these
issues, and new RFCs are in the offing.  But don't lose sight that what
we're discussing isn't strictly kosher.

That having been said, I'm in sympathy with the desire to do something.
We get 3rd party SPAM passed through our site 3 or 4 times a month and
have to deal with the irate e-mail and phone calls from the ultimate
recipient of the SPAM.  I support legislation that would make it illegal
to forge an e-mail header, or otherwise misrepresent the source of the
e-mail.

We are also looking at several other solutions.  One is to integrate the
POP3 server and SMTP together in a firewall/NAT box.  That way the POP3
can do APOP authentication (encrypted, time stamped, etc.) and the SMTP
guy would refuse to serve a machine that hadn't been authenticated
within some short time window, say, 2 minutes.  To the Eudora user this
would just look like a rule that says "check your mail before sending."
This would make it harder for our users to send spam untraceably.

Also under consideration is insisting on a HELO during the SMTP
handshake and doing a DNS lookup on that system.  If they don't match,
you refuse the traffic.  If the connecting machine isn't in our domain,
then only recipients within our domain would be accepted.  These would
be fairly easy to implement with the new check_ rules.

	-crl
--
Chad R. Larson (CRL22)              Brother, can you paradigm?
602-953-1392  chad@dcfinc.com  chad@anasazi.com  crl22@aol.com
DCF, Inc. - 14523 North 49th Place, Scottsdale, Arizona  85254
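
The two checks described in the message above (an APOP login within a short window before SMTP is served, and a HELO name that must resolve to the connecting address, with outside hosts limited to local recipients), modelled as an added Python example that is not part of the original e-mail and is not sendmail check_ ruleset code. The class and function names, the `example.org` domain, the sample DNS table and the way the two checks are combined into one decision are assumptions made for illustration.

```python
AUTH_WINDOW = 120             # seconds: the "2 minutes" suggested in the message
LOCAL_DOMAIN = "example.org"  # assumed placeholder for "our domain"

# Constructed sample DNS data (documentation address ranges), so this runs offline.
SAMPLE_DNS = {
    "pc1.example.org": {"192.0.2.10"},
    "mail.example.net": {"198.51.100.7"},
}

def sample_resolve(hostname):
    """Stand-in for a forward DNS lookup: hostname -> set of IP strings."""
    return SAMPLE_DNS.get(hostname.lower().rstrip("."), set())

class RelayPolicy:
    def __init__(self, resolve, window=AUTH_WINDOW, local_domain=LOCAL_DOMAIN):
        self.resolve = resolve
        self.window = window
        self.local = local_domain.lower()
        self.last_auth = {}  # client IP -> time of last successful APOP login

    def note_pop_auth(self, ip, now):
        """Called by the POP3 side after a successful APOP authentication."""
        self.last_auth[ip] = now

    def recently_authenticated(self, ip, now):
        t = self.last_auth.get(ip)
        return t is not None and 0 <= now - t <= self.window

    def in_local_domain(self, name):
        name = name.lower().rstrip(".")
        return name == self.local or name.endswith("." + self.local)

    def check_rcpt(self, client_ip, helo, rcpt, now):
        """Decide one RCPT TO; returns (accept, reason)."""
        if not helo:
            return False, "HELO required"
        if client_ip not in self.resolve(helo):
            return False, "HELO name does not resolve to client address"
        if self.in_local_domain(rcpt.rsplit("@", 1)[-1]):
            return True, "local recipient"
        if not self.in_local_domain(helo):
            return False, "relaying denied for outside host"
        if not self.recently_authenticated(client_ip, now):
            return False, "check your mail before sending"
        return True, "relay for authenticated local client"
```

The authentication window is keyed on the client's IP address, not on a user, so every machine behind one shared NAT address inherits the window opened by any one of them.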


