[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Something strange...

To: carolina@riu.edu.ar
Subject: Re: Something strange...
From: mea@nic.funet.fi
Date: Mon, 22 Jun 1998 00:23:53 +0300 (EET DST)
Cc: zmailer@nic.funet.fi
In-Reply-To: <m0ylyU7-0007rOC@ccc.uba.ar> from "carolina@riu.edu.ar" at Jun 16, 98 01:21:23 pm

> We have implemented some filters avoiding the third-party-relay and
> the spam, looking at the logs we find that  sombody try to send a
> message to a not allowed address and the Zmailer answered well but...
> LOOK what happend then:

	Indeed I see similar cases too.
	Apparently there are spam-feeder clients that do
	blind push of SMTP protocol feed without bothering
	to do even PIPELINING facility mandated checkpoints.
	I am not quite sure if those programs bothered to
	do collections of status reports; perhaps they did,
	but did it only at the time of collecting results
	for the DATA-phase ending dot.

	I do think I have seen similar behaviour also on
	NetScape Communicator 4.05 sending SMTP email with
	misconfigured source address (and thus rejections
	hitting the poor sender...)

	So, it may be due to a software bug at the sending
	side, or genuine spamming software with weird ways
	to "improve" transmission throughput...

		/Matti Aarnio <mea@nic.funet.fi>

> 23665r  MAIL From:<hotstuff@earthlink.net>
> 23665   -- policy result=0, msg: <NONE!>
> 23665w  250 2.1.0 Sender syntax Ok
> 23665r  RCPT To:<fruittoot2@aol.com>
> 23665   -- policy result=-1, msg: <NONE!>
> 23665w  553 5.7.1 Policy rejection on the target address
> 23665r  DATA
> 23665w  503 5.5.2 Waiting for RCPT command
> ******************************************* that's OK, but....
> 23665r  To: hedgehog@yahoo.com
> 23665w  550 5.5.2 Unknown command 'To: hedgehog@yahoo.com'
> *********************************************************
> 23665#  -- pipeline input exists 464 bytes
> 23665r  Date: Mon, 15 Jun 98 23:30:45 EST
> 23665w  550 5.5.2 Unknown command 'Date: Mon, 15 Jun 98 23:30:45 EST'
> ********************************************************************
> 23665#  -- pipeline input exists 430 bytes
> 23665r  From: hotstuff@earthlink.net
> 23665w  550 5.5.2 Unknown command 'From: hotstuff@earthlink.net'
> ****************************************************************
> ...
> 23665#  -- pipeline input exists 2 bytes
> 23665r  .
> 23665w  550 5.5.2 Unknown command '.'
> 23665r  RSET
> 23665w  250 2.0.0 Ok
> 23665r  QUIT
> 
> 
> Don't you think that it would be better to reject the connection before?
> Sombody  could send a lot of lines keeping busy the server, lowing it 
> performance.
> 
> 
> 
> 
> 
> -- 
>   +------------------------------------------+
>   + Ma. Carolina Leon Carri                  + 
>   + Red de Interconexion Universitaria - RIU +
>   + e-mail: carolina@riu.edu.ar              +
>   + Tel: (541) 511-1201                      +
>   +------------------------------------------+
>

References:
- Something strange...
  - From: carolina@riu.edu.ar

Prev by Date: Re: dns tests in policytest
Next by Date: Re: dns tests in policytest
Prev by thread: Something strange...
Next by thread: Help with my problem!
Index(es):
- Date
- Thread