[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: 2.99.50(snap4) now at ftp.funet.fi (was: Re: Spam help.)

To: mea@nic.funet.fi
Subject: Re: 2.99.50(snap4) now at ftp.funet.fi (was: Re: Spam help.)
From: Alvin Starr <alvin@iplink.net>
Date: Mon, 25 May 1998 11:29:52 -0400 (EDT)
cc: zmailer@nic.funet.fi
In-Reply-To: <19980525134946Z2358-503+2043@nic.funet.fi>

On Mon, 25 May 1998 mea@nic.funet.fi wrote:

> ....
> > Got the doc's and read through the approprate sections. The documents 
> > describe the HELO portion of the smtpserver config file as containing 2 
> > fields. 
> 
> 	No, you can't achieve reliable anti-relay facilities without
> 	deploying full smtp-policy configuration.

I am actually running the full smtp-policy configuration. I only accept 
mail from valid internal hosts for relaying out and only accept outside 
mail for systems that we are the MX for.

Some ^%$#^%@^&^%$&(*(_& is using our system to deliver spam. From what I 
see the problem is that he is saying that he is a system on our network 
and since we accept mail from systems on our subnet I end up delivering 
the mail for him. 

> 
> 	This part you are referring to at the end of the  smtpserver.conf
> 	is of the oldest kind of configuration, and while it has some
> 	behaviour relationships with the EHLO/HELO argument, it in itself
> 	is not POLICY CONTROL.
> 
> > This is from the the older docs just for simplicity(I have problems 
> > cutting and pasting Postscript).
> > #
> > # HELO/EHLO-pattern     style-flags
> > #               [max loadavg]
> > #
> > localhost           999 ftveR
> > some.host.domain    999 !NO EMAIL ACCEPTED FROM YOUR MACHINE
> > \[*\]               999 ve
> > *                   999 veR
> > 
> > There appear to be 3 fields. I assume the middle one is "max loadavg" but 
> > I am not sure.
> > 
> > What I have done is to comment out the:"\[*\]               999 ve"
> > 
> > Is it safe to assume that No valid Email source will be sending mail from 
> > a non resolved address?
> 
> 	The "\[*\]" is there to handle HELO lines like:
> 
> 		HELO [11.22.33.44]
> 
> 	It does not relate to the the connection source IP address
> 	reversability, or lack of it.

As above the spammer is sending HELO [11.22.33.44] where [11.22.33.44] is 
the address of my mailserver. but his reverse lookup is xxx.yyy.zzz.uu.net.


Alvin Starr                   ||   voice: (416)493-3325
Interlink Connectivity        ||   fax:   (416)493-7974
alvin@iplink.net              ||

Follow-Ups:
- Re: 2.99.50(snap4) now at ftp.funet.fi (was: Re: Spam help.)
  - From: mea@nic.funet.fi (Tue, 26 May 1998 15:46:32 +0300)

References:
- Re: 2.99.50(snap4) now at ftp.funet.fi (was: Re: Spam help.)
  - From: mea@nic.funet.fi

Prev by Date: Re: 2.99.50(snap4) now at ftp.funet.fi (was: Re: Spam help.)
Next by Date: Rewriting UUCP-style address...
Prev by thread: Re: 2.99.50(snap4) now at ftp.funet.fi (was: Re: Spam help.)
Next by thread: Re: 2.99.50(snap4) now at ftp.funet.fi (was: Re: Spam help.)
Index(es):
- Date
- Thread