Date: Thu, 16 Oct 1997 18:55:07 -0500
From: dkelly@hiwaay.net
To: chad@dcfinc.com
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: Anti-spam sendmail in 2.2.5?
Message-ID: <199710162355.SAA21850@nospam.hiwaay.net>
In-Reply-To: Message from "Chad R. Larson" <chad@freebie.dcfinc.com>
    of "Wed, 15 Oct 1997 22:07:04 PDT." <199710160507.WAA01356@freebie.dcfinc.com>

Chad R. Larson replies:
>
> And there's another factor not yet discussed here. If you follow the
> RFCs (and you certainly =should= if you believe in interoperability) you
> are required to allow pass-through mail. Remember that the Internet was
> designed to be resilient. The ability to pass through mail, and to
> source route it, and to send it "in care of" were all intended to
> provide competent System Administrators ways to work around problems.
> This, of course, was engineered when the Internet was a cooperative
> effort, and deliberate abuse was rare.
>
> The Internet Engineering Task Force is currently addressing these
> issues, and new RFCs are in the offing. But don't lose sight that what
> we're discussing isn't strictly kosher.

Then it's past time for the RFCs to be changed. I would expect a
"competent System Administrator" to ask permission of a site before
routing mail thru them. And nothing we've discussed would prevent
SysAdmins from being able to do that.

> That having been said, I'm in sympathy with the desire to do something.
> We get 3rd party SPAM passed through our site 3 or 4 times a month and
> have to deal with the irate e-mail and phone calls from the ultimate
> recipient of the SPAM. I support legislation that would make it illegal
> to forge an e-mail header, or otherwise misrepresent the source of the
> e-mail.

I don't support legislation making it illegal to forge mail. I'd rather
see RFCs alter the protocol into something that is extremely difficult
to forge. Idiot lawmakers have already proven they Don't Have A Clue.

> Also under consideration is insisting on a HELO during the SMTP
> handshake and doing a DNS lookup on that system. If they don't match,
> you refuse the traffic. If the connecting machine isn't in our domain,
> then only recipients within our domain would be accepted. These would
> be fairly easy to implement with the new check_ rules.

That sounds like a good idea. Think my ISP has that rule implemented.
When they added anti-spam rules to their sendmail it broke my FreeBSD
SMTP which was configured badly anyhow. We've reached a compromise. They
added nospam.hiwaay.net to their DNS, resolved to 127.0.0.1. I and
others have used that name for our home systems. Some use it as their
email address when posting to usenet. It resolves in DNS. Spammer tries
to send to it and spams their own postmaster. Or the unknowing
forwarding host.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
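
The HELO check and the relay restriction described in the quoted text, sketched in Python as an added example; it is not part of the original message and is not sendmail's check_ rule syntax. The domain example.org, the function names, the reply strings and the DNS table are constructed assumptions.

```python
LOCAL_DOMAIN = "example.org"  # assumption: the site's own mail domain

# Constructed forward-DNS answers standing in for live lookups (runs offline).
SAMPLE_DNS = {
    "mail.example.org": {"192.0.2.10"},
    "mx.example.net": {"198.51.100.7"},
    "loop.example.net": {"127.0.0.1"},
}


def in_local_domain(name):
    """True if a host name, or the domain part of an address, is ours."""
    domain = name.rsplit("@", 1)[-1].lower().rstrip(".")
    return domain == LOCAL_DOMAIN or domain.endswith("." + LOCAL_DOMAIN)


def check_session(client_ip, helo, recipients, dns=SAMPLE_DNS):
    """Apply both rules to one SMTP session; return {recipient: reply}."""
    if not helo:
        # Rule 1a: insist on a HELO before accepting any recipient.
        return {r: "503 send HELO first" for r in recipients}
    addresses = dns.get(helo.lower().rstrip("."), set())
    if client_ip not in addresses:
        # Rule 1b: the HELO name must resolve to the connecting address.
        return {r: "550 HELO name does not match client address"
                for r in recipients}
    client_is_local = in_local_domain(helo)
    replies = {}
    for rcpt in recipients:
        # Rule 2: an outside client may only reach recipients in our domain.
        if client_is_local or in_local_domain(rcpt):
            replies[rcpt] = "250 ok"
        else:
            replies[rcpt] = "550 relaying denied"
    return replies


if __name__ == "__main__":
    sessions = [  # constructed sessions: (client address, HELO name, recipients)
        ("192.0.2.10", "mail.example.org", ["friend@example.com"]),
        ("198.51.100.7", "mx.example.net",
         ["user@example.org", "other@example.com"]),
        ("203.0.113.5", "loop.example.net", ["user@example.org"]),
        ("203.0.113.5", "", ["user@example.org"]),
    ]
    for ip, helo, rcpts in sessions:
        print(ip, helo or "(no HELO)", check_session(ip, helo, rcpts))
```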