Date: Tue, 29 Oct 2002 12:41:36 -0800
From: Terry Lambert <tlambert2@mindspring.com>
To: Cliff Sarginson <cls@raggedclown.net>
Cc: freebsd-chat@freebsd.org
Subject: Re: SMTPD-32
Message-ID: <3DBEF280.54F2C5B4@mindspring.com>
References: <20021029162201.GA1296@raggedclown.net>
Cliff Sarginson wrote:
> Does anyone know why the relaying of mail through an SMTPD-32 server
> scores high points on my SpamAssassin checker. What is it ? A piece of
> email to freebsd Qs got in my spam folder partly because of it - non
> Spam I should emphasise.
> Google tells me it is some piece of software sold by BMT Micro ..
> whoever they are.

SMTPD_IN_RCVD ... Basically, your message's "Received:" timestamp line had the atom "smtpd" in it (e.g. in place of something like "sendmail", etc.).

The answer to this is that this is given a high rating in the rules (you can change your local copy to give it a lower rating if you want).

The reason for this high rating is that the pair of programs "smtpd" and "smtpfwdd", which are designed to receive mail into a chroot environment to prevent buffer overflow attacks from working (see Obtuse System's documentation on the code for more details), have historically been very, very easy to trick into forwarding SPAM. It's possible to lock them down, in more recent versions, and with the correct blocking rules, but most people don't know how to write correct blocking rules.

Old InterJets used to use Obtuse System's smtpd/smtpfwdd software, so I am very familiar with this problem.

Another alternative is to modify the string that SMTP-32 records in the "Received:" timestamp line, to, say, "SMTP-32", instead of "smtpd".

Of course, a lot of fools believe in "security through obscurity", and would therefore argue that this would reveal some information which can be used for software-targeted attacks -- as if the people who do this sort of thing wouldn't use all the possible attacks, rather than just targeted ones.

So... unless you can get the sender to hack their binary (zapping the "d" in the format string with a binary editor would be enough), then your only choices are to live with it, or to modify the weight for that particular attribute of a message.
-- Terry
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3DBEF280.54F2C5B4>
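To make the mechanism Terry describes concrete, here is an added example (not code from the thread, from SpamAssassin or from the SMTPD-32 product) that mimics a "Received:" header rule and the two mitigations mentioned: lowering the rule's weight locally, or removing the "d" from the string the MTA stamps into the header. The regex, the default weight of 3.0, the threshold of 5.0 and all three sample messages are assumptions constructed for the illustration; SpamAssassin's real SMTPD_IN_RCVD pattern and score are not reproduced here. The `score RULE value` line it emits is the genuine local.cf syntax for overriding a rule's weight.

```python
import re
from email import message_from_string

# Assumed pattern: the rule fires when the atom "smtpd" appears as a whole
# word anywhere in a Received: header. This is our approximation, not the
# actual SpamAssassin rule body.
SMTPD_ATOM = re.compile(r"\bsmtpd\b", re.IGNORECASE)

# Assumed weights and spam threshold, chosen for the example only.
DEFAULT_SCORES = {"SMTPD_IN_RCVD": 3.0}
SPAM_THRESHOLD = 5.0

# Constructed sample messages (not real mail from the list).
MSG_SMTPD32 = """Received: from mail.example.net (mail.example.net [192.0.2.10])
    by mx.example.org (SMTPD-32 3.0) with ESMTP id 12345;
    Tue, 29 Oct 2002 12:00:00 -0800
From: user@example.net
Subject: constructed test message

body
"""

# Same message after the vendor string loses its trailing "d", as Terry
# suggests: the word "smtpd" no longer appears.
MSG_SMTP32 = MSG_SMTPD32.replace("(SMTPD-32 3.0)", "(SMTP-32 3.0)")

# A message relayed by the Obtuse smtpd itself.
MSG_OBTUSE = MSG_SMTPD32.replace("(SMTPD-32 3.0)", "(smtpd 2.0 obtuse)")


def smtpd_in_received(raw_message: str) -> bool:
    """Return True if any Received: header contains the atom 'smtpd'."""
    msg = message_from_string(raw_message)
    return any(SMTPD_ATOM.search(h) for h in msg.get_all("Received", []))


def score_message(raw_message: str, scores=None, threshold=SPAM_THRESHOLD):
    """Return (rules_hit, total_score, is_spam) for the one rule we model."""
    scores = DEFAULT_SCORES if scores is None else scores
    hits = ["SMTPD_IN_RCVD"] if smtpd_in_received(raw_message) else []
    total = sum(scores.get(rule, 0.0) for rule in hits)
    return hits, total, total >= threshold


def local_cf_override(rule: str, new_score: float) -> str:
    """Build the local.cf line that reassigns a rule's weight."""
    return f"score {rule} {new_score:.1f}"


if __name__ == "__main__":
    for label, msg in (("SMTPD-32", MSG_SMTPD32),
                       ("SMTP-32", MSG_SMTP32),
                       ("obtuse smtpd", MSG_OBTUSE)):
        print(label, score_message(msg))
    # Lower the weight locally instead of touching the sender's binary.
    print(local_cf_override("SMTPD_IN_RCVD", 0.5))
    print("with override:", score_message(MSG_SMTPD32, {"SMTPD_IN_RCVD": 0.5}))
```

Running it shows the "SMTPD-32" and "smtpd" stamps both trip the rule while "SMTP-32" does not, and that the override line drops the hit's contribution without changing the header.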
