From owner-freebsd-chat Sat Mar 9 14:27:38 2002
Date: Fri, 8 Mar 2002 19:01:02 +1030
From: Greg Lehey
To: Brett Glass
Cc: "Gary W. Swearingen", chat@FreeBSD.ORG
Subject: Rejecting spam, accepting valid mail (was: Mail blocked)
Message-ID: <20020308190102.B679@sydney.worldwide.lemis.com>
In-Reply-To: <4.3.2.7.2.20020307221616.00cb9980@nospam.lariat.org>; from brett@lariat.org on Thu, Mar 07, 2002 at 10:19:55PM -0700
Organization: The FreeBSD Project

On Thursday, 7 March 2002 at 22:19:55 -0700, Brett Glass wrote:
> At 01:26 PM 3/7/2002, Gary W. Swearingen wrote:
>
>> Are you sure? I've posted to other freebsd MLs with that kind of ID.
>> If you're reading this, I think you'll find "localhost." in the ID.
>
> You escaped the filter by sheer luck. I just found out that the rule
> they're using is
>
>     /^Message-Id:.*@localhost>$/ REJECT
>
> Your IDs say "localhost.localdomain", not just "localhost", so they
> slip through.

The correct solution to this one is to fix the rule, not continue
using invalid hostnames.

I use a number of techniques to reject spam. It's fairly clear that
an invalid server name can be construed in a number of ways:

1. An attempt to defraud:

     In: EHLO localhost.localdomain
     Out: 250-wantadilla.lemis.com
     Out: 250-PIPELINING
     Out: 250-SIZE 10240000
     Out: 250-ETRN
     Out: 250 8BITMIME
     In: MAIL From: SIZE=1790
     Out: 250 Ok
     In: RCPT To:
     Out: 450 Client host rejected: cannot find your hostname, [211.23.186.108]

   This one is clearly spam.

2. A complete incompetence:

     In: EHLO husqvarna.amazon.com
     Out: 250-wantadilla.lemis.com
     Out: 250-PIPELINING
     Out: 250-SIZE 10240000
     Out: 250-ETRN
     Out: 250 8BITMIME
     In: MAIL FROM:<> SIZE=2039
     Out: 250 Ok
     In: RCPT TO:
     Out: 450 Client host rejected: cannot find your hostname, [207.171.187.128]

   I'm currently offline, so I don't know if this is amazon or not.
   But if it is, the system administrators need to be taken out and
   shot.

3. Problems like the ones you describe (NAT, etc.). That's more of a
   problem. I'm sure that localhost and localhost.localdomain are
   always wrong names. But if you're really not on the global
   Internet, you should probably have a mail server which is, which is
   correctly configured, and which is prepared to accept your mail.

Is there any objection to this?

Greg
--
See complete headers for address and phone numbers
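The rule quoted in the thread, evaluated against sample headers next to a widened variant. This is an added example, not part of the original message and not the list's actual configuration: WIDENED_RULE, the helper names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Rule as quoted in the thread, and a widened variant (assumption, not the list's fix).
PAGE_RULE = r"/^Message-Id:.*@localhost>$/ REJECT"
WIDENED_RULE = r"/^Message-Id:.*@localhost(\.localdomain)?>$/ REJECT"


def parse_rule(line):
    """Split a '/pattern/ ACTION' line into (compiled regex, action)."""
    m = re.match(r"^/(.*)/\s+(\S.*)$", line.strip())
    if not m:
        raise ValueError("not a /pattern/ ACTION rule: %r" % line)
    # Postfix regexp tables match case-insensitively by default.
    return re.compile(m.group(1), re.IGNORECASE), m.group(2)


def check_headers(raw_message, rules):
    """Return the action of the first rule matching a header, else 'DUNNO'."""
    msg = message_from_string(raw_message)
    for name, value in msg.items():
        # Unfold continuation lines so each header is one logical line.
        logical = "%s: %s" % (name, " ".join(value.split()))
        for regex, action in rules:
            if regex.search(logical):
                return action
    return "DUNNO"


def sample(msgid):
    """Build a minimal constructed message carrying the given Message-ID."""
    return ("From: user@example.org\nMessage-ID: %s\n"
            "Subject: test\n\nbody\n" % msgid)


# Constructed sample messages; none of these IDs come from real mail.
SAMPLES = {
    "bare": sample("<constructed.1@localhost>"),
    "localdomain": sample("<constructed.2@localhost.localdomain>"),
    "folded": sample("\n <constructed.3@localhost>"),
    "real": sample("<constructed.4@mail.example.org>"),
}


def verdicts(rule_line):
    """Apply one rule to every sample and return {sample name: action}."""
    rules = [parse_rule(rule_line)]
    return {name: check_headers(raw, rules) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for label, rule in (("page rule", PAGE_RULE), ("widened", WIDENED_RULE)):
        print(label, verdicts(rule))
```

The patterns here are simple enough to behave the same under Python's `re` and a POSIX regexp table; a rule using engine-specific syntax would need checking in the MTA itself.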