I recently set up a new firewall and decided to implement spamd/greylisting for a mailserver on my server network. (There's a LAN of rfc1918 stuff as well but that's not important here)
After doing the config I decided to go look at what the sending MTA sees when trying to send mail to my server. So I did telnet mail.example.com 25 (gee it was tough to get <that> domain 8-) ) and was a little surprised to see that it looked like I was a spammer already going by the banner and response lines but I guessed that I was just getting the greylist treatment when there were no delays. So all of that worked fine and greylisting is a go.

Next I added a remote machine that doesn't have an MTA to my personal blacklist and did the telnet thing from there by logging in to it by ssh. I immediately saw the difference even though the messages were the same. The one-character-per-second output of responses had me chuckling. So I just acted like some spammer MTA and went on through the HELO and MAIL FROM: and RCPT TO: steps and was surprised to see that I was allowed to send data. I expected the 450/550 response after the RCPT.

It did make me wonder whether I want to use spamd in tarpit mode for the blacklist guys. I don't want to end up with buckets of incoming traffic if one of the warped minds decides to detect spamd and send megabytes of payload. So, is there some limit to what we accept in the DATA phase given that if we let it start we should expect the sender to not listen to any response until it has sent the newline-dot-newline at the end?

I know that I can just rewrite my pf.conf to blackhole the blacklist but I figured an answer from one of the experts may make me happy to leave it as is. A clue please.

From the land "down under": Australia.
Do we look <umop apisdn> from up over?

Do NOT CC me - I am subscribed to the list.
Replies to the sender address will fail except from the list-server.