Hi,

(my email has 2 parts .. I wrote the second before the 1st .. but after
thinking a little .. people will think it's only a flame email and won't
read my idea <don't know if it is an original one>  .. so I put the flame part
after the idea one ;o) )

In a long term solution ... *I think* the best case should be :
1 .) when your MTA receives a message from a spammer, we can check 
1.a.) is the client IP blacklisted ?
1.a.yes) write an error message or increase the ip score (acquired and stored
from/in a centralized blacklist)
1.a.no ) continue
1.b.) is the message already identified as spam by others ? (using
razor, pyzor, dcc, and so on).
1.b.yes) increase the ip score in the blacklist database and reject the message
(or accept if the admin desires)
1.b.no ) deliver to MDA

if the admin thinks it is needed, after 1.b, you can use spamassassin or another
content based spam filter ...

this centralized IP blacklist does not store ip addresses forever ... if
an ip address's status isn't increased after 1 day, it will be removed,
or its score will decrease as time passes ...

another nice feature ... when an ip address is queried too many times in X
minutes with the same MD5 (for example) , it starts to increase to a 'warning
level' .. maybe the admin chooses which level (s)he will start to consider
it as spam ...  (multiple addresses in the same domain increase it much less
than addresses in multiple domains)

This way, a spammer could only deliver messages to 100 or 200 addresses
before its IP gets a high warning level and ppl reject email from it.
Probably he will change his IP after a couple of hours ... so after two
days or three, this "old" IP will be removed, so the next user will be a
happy one =).

I don't think of a "perfect" case to deal with spam because it won't
exist !! .. so .. receiving 1 or 2 spam messages per week is good
... better than denying lots of non-spam messages ..

sorry for the poor English .. this idea came up at 0:17 AM .. have to wake
up soon .. :o/

If anyone would like to discuss it ... feel free ... I will try to make my
English understandable .. =)

C'ya !

----------------- flame part -----------------

I think I will have some problems .. :o/ ...
I have my own MTA because :
1.) My ISP MTA sucks .. I'm a heavy broadband user .. (received 1 Gb
email last week .. but this is very rare .. but very common the 30 Mb
ones) and my ISP allows only 2 Mb messages !!!! .. for a modem user is ok
.. but for a broadband one ?!?!?
2.) My ISP MTA sucks again ... only allows From their emails .. not my
other accounts without SMTP .. (hotmail for example .. or my own domain
.. )

Maybe blacklisting is a more effective way .. for example .. you could use
mail-abuse.org lists .. of course if everyone uses it, almost all spam
will be eradicated ... and if someone like me is listed in a DUL
(Dial-up list) or my dynamic ip gets blacklisted, I will try to use my
ISP MTA (the one that sucks) to create a "static mail route" for courier
to forward email for that domain to my ISP MTA (yeah ... that one)

I think the big problem with email hijacking is those dumb users that
reply to you to be removed from your theoretical spam list ... or those dumb
MTAs (like my ISP one) that receive email from some IP (that must be
blacklisted), close the connection with an OK message ... and after
delivery to the MDA (in a clustered environment) the MDA says the mailbox doesn't
exist or quota exceeded .. and mails back to you (using header from) ...



On Tue, 2003-08-19 at 18:41, [EMAIL PROTECTED] wrote:
> After having email addresses in my domains hijacked (both users that exist
> & those that don't) left, right, and center I can't take it anymore!
> Is it possible/insane to have esmtpd (& any other MTA) do a reverse
> DNS check on the MAIL FROM address to ensure that the domain specified
> there match the domain of the sending machine?
> I don't care if it takes a couple extra seconds to do that check, endless
> email hijacking is totally ridiculous & HAS to stop.  I'm sick of
> seeing zillions of bounces from spam emails no one in my domain ever sent.
> SO someone please tell me what's so horrible about:
> 
> 1. client connects & sends MAIL FROM address
> 2. server reverse DNSs the client's IP
> 3. if the domain doesn't match the domain in the FROM address or 
>     the IP is not resolvable the email is rejected
> 
> OR
> 
> 1. client connects & sends MAIL FROM address
> 2. server DNSs the MX record for the domain in the FROM address
> 3. if the IP of client does NOT match one of the MX records for that domain
>     the email is rejected.
>     If domains want to allow other machines than their mail servers to be able
>     to send emails using their domain they can add them with a very high MX
>     priority so they never actually get used as a mail server BUT do show
>     as legitimate sources of mail traffic for that domain
> 
> 
> of course everyone across the internet would have to do this BUT if they DID
> then we REALLY cut down on spam - & virtually totally eliminate email
> hijacking.
> 
> Again who really cares about the extra 1 second or so the DNS lookups will
> take - & of course most likely they're cached locally anyway after the
> first hit.
> 
> Currently our mail infrastructure is set up to first accept and THEN see
> if there's something wrong with the message - HOWEVER with the tidal wave
> of spam that now is more numerous than legit email this paradigm needs to
> be switched:  email should first be REJECTED UNLESS there's compelling
> reasons to be accepted...
> 
> Of course these same checks could also be done on the 'From:' &  'Reply-To:'
> headers - which I also think is a good idea but requires more intervention
> & maybe someone has a problem with looking into the headers BUT with
> spam being WAY out of control we gotta take more serious steps to stem the
> tide.
>     
> whatcha'll think?
>     Mark
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by Dice.com.
> Did you know that Dice has over 25,000 tech jobs available today? From
> careers in IT to Engineering to Tech Sales, Dice has tech jobs from the
> best hiring companies. http://www.dice.com/index.epl?rel_code=104
> _______________________________________________
> courier-users mailing list
> [EMAIL PROTECTED]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
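
The scoring scheme proposed in the reply above (an entry that expires after one day without an increase, a score that decays over time, and faster growth when one MD5 reaches many recipient domains), as an added example that is not part of the original message or of Courier. The half-life, the window, the weights, the thresholds and the sample addresses are assumptions.

```python
from collections import defaultdict

HALF_LIFE = 6 * 3600      # assumed: score halves every 6 h without new evidence
EXPIRY = 24 * 3600        # from the post: drop an IP not increased for 1 day
WINDOW = 10 * 60          # assumed value for the post's "X minutes"
NEW_DOMAIN_WEIGHT = 1.0   # assumed: same digest sent to a new recipient domain
SAME_DOMAIN_WEIGHT = 0.1  # assumed: "much lesser" for a domain already seen


class ReputationStore:
    def __init__(self):
        self.entries = {}                   # ip -> (score, time of last increase)
        self.sightings = defaultdict(list)  # (ip, md5) -> [(time, rcpt domain)]

    def score(self, ip, now):
        """Current score: decays with age, entry removed after EXPIRY."""
        if ip not in self.entries:
            return 0.0
        value, last = self.entries[ip]
        if now - last >= EXPIRY:
            del self.entries[ip]
            return 0.0
        return value * 0.5 ** ((now - last) / HALF_LIFE)

    def bump(self, ip, amount, now):
        self.entries[ip] = (self.score(ip, now) + amount, now)

    def report_spam(self, ip, now, amount=5.0):
        """Step 1.b.yes: a digest service (Razor, Pyzor, DCC) knew the message."""
        self.bump(ip, amount, now)

    def query(self, ip, md5, rcpt, now):
        """An MTA lookup; the same digest repeated inside WINDOW raises the score."""
        domain = rcpt.rsplit("@", 1)[-1].lower()
        recent = [(t, d) for t, d in self.sightings[(ip, md5)] if now - t <= WINDOW]
        if recent:  # the first sighting of a digest costs nothing
            known = domain in {d for _, d in recent}
            self.bump(ip, SAME_DOMAIN_WEIGHT if known else NEW_DOMAIN_WEIGHT, now)
        self.sightings[(ip, md5)] = recent + [(now, domain)]
        return self.score(ip, now)


def verdict(score, warn_at=3.0, reject_at=10.0):
    """Thresholds are the receiving admin's choice, as the post suggests."""
    return "reject" if score >= reject_at else "warn" if score >= warn_at else "accept"


def simulate(rcpts, ip="203.0.113.7", md5="d41d8cd9 (constructed)"):
    """Constructed traffic: one message per second, same digest, from one IP."""
    store = ReputationStore()
    return [store.query(ip, md5, r, now) for now, r in enumerate(rcpts)][-1]
```

With these assumed weights, `simulate` over 20 recipients in 20 different domains ends in the reject range, while the same 20 recipients inside one domain stay below the warning level.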


