Re: [Asterisk-Users] Digium list server and spam assassin
Pete Barnwell wrote:

> "...
> Section 4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO)

Wrong part of the RFC.. that has nothing to say on this issue (other than allowing [216.207.245.2] as a valid string, which neatly bypasses your reverse check anyway).

Section 3.6 is what you're looking for:

"The domain name given in the EHLO command MUST BE either a primary host name (a domain name that resolves to an A RR) or, if the host has no name, an address literal as described in section 4.1.1.1."

Note that there is *no* requirement for the reverse DNS to match, or even exist, only that the domain name given must resolve to an A record for the sending host. The digium mailserver is conforming to this RFC exactly.

Of course you're free to make it equal to your reverse DNS also... just that the RFC doesn't require it at all.

Section 4.1.4 is also relevant:

"An SMTP server MAY verify that the domain name parameter in the EHLO command actually corresponds to the IP address of the client. However, the server MUST NOT refuse to accept a message for this reason if the verification fails: the information about verification failure is for logging and tracing only."

Note the MUST NOT here. Anything that rejects based on that information is breaking the RFC. It is of course free to do so - RFCs are voluntary after all - but it is not the fault of the sender in this case.

> If people would get this right we could eliminate 90% of current spam
> overnight. (Spammers would change their tactics, but why make matters
> easier for them?)

Nonsense. Enforcing arbitrary rules on the HELO field isn't going to change anything - in fact most of the spam I have has a valid HELO since it comes through zombies, open proxies, spam-friendly ISPs (*cough* mci *cough*) etc.

There are no magic ways of stopping spam. It's a social problem not a technological one. Make it illegal to knowingly host a spammer, make it illegal to use a spammer to ply your trade, lots of things might work (if politicians had the balls to enact the laws) but fiddling with the protocol isn't helping.

Tony

___
--Bandwidth and Colocation sponsored by Easynews.com --

Asterisk-Users mailing list
Asterisk-Users@lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
Re: [Asterisk-Users] Digium list server and spam assassin
On Thu, 2005-10-20 at 21:07, Thorsten Lockert wrote:
> On Oct 20, 2005, at 13:00, Jason Pyeron wrote:
> > But the etiquette for SMTP is the HELO is done with a reverse
> > friendly name.
>
> Huh? And which RFC says that?

RFC2821

"...
Section 4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO)

The argument field contains the fully-qualified domain name of the SMTP client if one is available. In situations in which the SMTP client system does not have a meaningful domain name (e.g., when its address is dynamically allocated and no reverse mapping record is available), the client SHOULD send an address literal (see section 4.1.3), optionally followed by information that will help to identify the client system.
..."

If people would get this right we could eliminate 90% of current spam overnight. (Spammers would change their tactics, but why make matters easier for them?)

> > This 'assists' in detection of spoofed dns spamming.
>
> No, the only thing that will help with that is to
> do lookups on the envelope sender and see if
> the source IP is an allowed sender for the
> domain used in the envelope. I mean, come
> on...

and that's SPF...

Pete
Re: [Asterisk-Users] Digium list server and spam assassin
On Thu, 20 Oct 2005, Tony Hoyle wrote:
> Jason Pyeron wrote:
> > But the etiquette for SMTP is the HELO is done with a reverse
> > friendly name.
>
> Doing the reverse check for 164.138.16.69.in-addr.arpa is unnecessary,
> and will break in a great many legitimate cases, since ISPs often don't
> allow the reverse dns to be set independently (even for corporate
> networks).

That may be the case with many SOHO mail servers, but any B2B provider of connectivity would not last 5 minutes with that policy.

That being said, I am not going to spend time on this matter. If the Asterisk emails get dumped so be it.

--
Jason Pyeron, PD Inc. http://www.pdinc.us
Partner & Sr. Manager
7 West 24th Street #100, Baltimore, Maryland 21218
+1 (443) 921-0381

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, purge the message from your system and notify the sender immediately. Any other use of the email by you is prohibited.
Re: [Asterisk-Users] Digium list server and spam assassin
Jason Pyeron wrote:
> But the etiquette for SMTP is the HELO is done with a reverse friendly
> name. This 'assists' in detection of spoofed dns spamming.

It doesn't need to be the same though, only resolve to the same.

if lists.digium.com == 69.16.138.164 then it is correct, and that's all the spoof checking you need.

Doing the reverse check for 164.138.16.69.in-addr.arpa is unnecessary, and will break in a great many legitimate cases, since ISPs often don't allow the reverse dns to be set independently (even for corporate networks).

The network scores for FORGED_RCVD_HELO, btw. are 0.05 (no bayes), and 0 (with bayes).

That means that if you have bayes enabled it's a no-op, and even with no bayes you're only going to be adding 0.05 to the score... it'd need 100 other scores like that to be spam.

Tony
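Added example, not part of the original thread or anyone's post: the two HELO checks argued over here (HELO name forward-resolves to the client IP, versus HELO name equals the PTR name), run against the Received header from the original message and the hotmail/ibm illustration, with the log-only handling that the quoted RFC 2821 section 4.1.4 requires. The A-record table, the `lookup_a` helper and the address-literal header are constructed assumptions so the code runs without live DNS.

```python
import re

# Constructed A-record table standing in for live DNS so the example runs
# offline. The lists.digium.com entry follows the thread's premise; the
# mail.ibm.com address is a documentation-range placeholder.
A_RECORDS = {
    "lists.digium.com": {"69.16.138.164"},
    "mail.ibm.com": {"192.0.2.10"},
}

# sendmail-style: from <helo> (<ptr-name> [<ip>])  -- the PTR name is optional
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<ptr>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9A-Fa-f.:]+)\]\)"
)

def lookup_a(name):
    """Hypothetical resolver: return the set of addresses for a host name."""
    return A_RECORDS.get(name.lower().rstrip("."), set())

def check_helo(received, resolve_a=lookup_a):
    """Compare the two HELO checks argued over in the thread for one header."""
    m = RECEIVED_RE.search(received)
    if m is None:
        raise ValueError("unrecognised Received header")
    helo, ptr, ip = m.group("helo"), m.group("ptr"), m.group("ip")
    if helo.startswith("[") and helo.endswith("]"):
        forward_ok = helo[1:-1] == ip          # address literal names the client itself
    else:
        forward_ok = ip in resolve_a(helo)     # HELO name has an A record for the client
    return {
        "helo": helo, "ptr": ptr, "ip": ip,
        "forward_ok": forward_ok,
        "ptr_equals_helo": ptr is not None and ptr.lower() == helo.lower(),
        # RFC 2821 section 4.1.4 as quoted in the thread: a failed check is
        # logged, never used to refuse the message.
        "action": "accept" if forward_ok else "accept-and-log",
    }

# Headers taken from the thread: the list server's, and the hotmail/ibm illustration.
DIGIUM = ("from lists.digium.com (digium-69-16-138-164.phx1.puregig.net "
          "[69.16.138.164]) by ns.pyerotechnics.com (8.11.6/8.11.6) with ESMTP")
SPOOFED = "from mail.ibm.com (hotmail.com [64.4.32.7])"
# Constructed header: address-literal HELO, no PTR record.
LITERAL = "from [216.207.245.2] ([216.207.245.2])"

if __name__ == "__main__":
    for hdr in (DIGIUM, SPOOFED, LITERAL):
        print(check_helo(hdr))
```

The PTR-equality test fails for both the list server and the spoofed header, so it cannot tell them apart; the forward check passes the first and flags the second.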
Re: [Asterisk-Users] Digium list server and spam assassin
On Oct 20, 2005, at 13:00, Jason Pyeron wrote:
> But the etiquette for SMTP is the HELO is done with a reverse friendly
> name.

Huh? And which RFC says that?

> This 'assists' in detection of spoofed dns spamming.

No, the only thing that will help with that is to do lookups on the envelope sender and see if the source IP is an allowed sender for the domain used in the envelope. I mean, come on...

Thorsten
Re: [Asterisk-Users] Digium list server and spam assassin
On Thu, 20 Oct 2005, Andrew Kohlsmith wrote:
> On Thursday 20 October 2005 14:45, Jason Pyeron wrote:
> > it seems to be complaining that lists.digium.com does not match
> > digium-69-16-138-164.phx1.puregig.net
> > so either the reverse dns should be fixed or the hostname used by the
> > machine should be fixed.
>
> Or... you need to tune SpamAssassin. IIRC (but I could be wrong), DNS
> servers should have a PTR record, not necessarily reverse matching
> forward.

In general that is correct.

But the etiquette for SMTP is the HELO is done with a reverse friendly name.

This 'assists' in detection of spoofed dns spamming.

EX:

64.4.32.7 connects to mail.pdinc.us and says:

HELO mail.ibm.com

mail.pdinc.us should mark the message as:

received from mail.ibm.com (hotmail.com [64.4.32.7])

and the user should then know that there is something wrong

hotmail.com != ibm.com

So no, it is not SpamAssassin which needs tuning in this case, lists.digium.com should say HELO digium-69-16-138-164.phx1.puregig.net instead.

--
Jason Pyeron, PD Inc. http://www.pdinc.us
Partner & Sr. Manager
7 West 24th Street #100, Baltimore, Maryland 21218
+1 (443) 921-0381
Re: [Asterisk-Users] Digium list server and spam assassin
On Thursday 20 October 2005 14:45, Jason Pyeron wrote:
> it seems to be complaining that lists.digium.com does not match
> digium-69-16-138-164.phx1.puregig.net
> so either the reverse dns should be fixed or the hostname used by the
> machine should be fixed.

Or... you need to tune SpamAssassin. IIRC (but I could be wrong), DNS servers should have a PTR record, not necessarily reverse matching forward.

-A.
[Asterisk-Users] Digium list server and spam assassin
it seems to be complaining that lists.digium.com does not match digium-69-16-138-164.phx1.puregig.net

so either the reverse dns should be fixed or the hostname used by the machine should be fixed.

Return-Path: <[EMAIL PROTECTED]>
Received: from lists.digium.com (digium-69-16-138-164.phx1.puregig.net [69.16.138.164])
    by ns.pyerotechnics.com (8.11.6/8.11.6) with ESMTP id j9KIMgt16768
    for <[EMAIL PROTECTED]>; Thu, 20 Oct 2005 14:22:43 -0400
X-Spam-Checker-Version: SpamAssassin 3.0.2 (2004-11-16) on ns.pyerotechnics.com
X-Spam-Level:
X-Spam-Status: No, score=4.5 required=5.0 tests=FORGED_RCVD_HELO autolearn=no version=3.0.2

--
Jason Pyeron, PD Inc. http://www.pdinc.us
Partner & Sr. Manager
7 West 24th Street #100, Baltimore, Maryland 21218
+1 (443) 921-0381