On Wed, Mar 10, 2004 at 04:19:57PM -0600, Kyle Hasselbacher wrote:
> I think the idea is that the spammer would connect directly to the victim's
> mail server, forge an address, and get a reject immediately.  Rather than
> generate a bounce message to the forged address, the spammer goes on to the
> next victim on the list.  Regular users would get the bounce because their
> legitimate mail server would generate one when it gets the rejection.

yes. my understanding is that a lot of spam comes from zombie machines. i suspect that the "mta" those machines use just drops rejects. your address won't get removed from the list but you won't send mail back to some innocent person.

in the current scenario, it might be nice if there was some way for tmda to tell its mta to use the ip address of the peer mta we got the mail from. so let's say we get a mail from [EMAIL PROTECTED] via an mta at ip address 1.2.3.256. when tmda sends its challenge back it sends a hint to the local mta that it should try to send it back via 1.2.3.256. it can then be configurable as to whether it gives up if that fails or if it then continues on and looks for the mx for example.com.

obviously there are issues with this method. if the connection was made **at the same time** as the mail was being received it would remove the issue of the machine being down.

> The problem with this scheme that jumps out at me is that the challenging
> mail server gets ONE LINE to issue its challenge (the message sent with the
> SMTP rejection).  That line is supposed to be returned to the user, but it
> typically is one line in a much larger message.  When I get a bounce
> message, it's a pain to have to figure out why.  I know some people get
> them and CAN'T figure out why.  That one line is just not big enough to get
> the attention it needs to be a challenge that someone can answer.

yes. this is true. when people talk about changing smtp, this is what i think would be a much better change - better error reporting. the ability to issue a full mail message to go with an error code.

the above idea of trying to send the message back via the ip it came from rather than using the from address to find that ip address is another option though it has obvious issues.

essentially mta's need to provide a better interface for programs like tmda, spamassassin, teergrubers and virus scanners.
i only know sendmail and i haven't really looked hard at milters, but from what i understand from those who have is that there are issues with them. some way to hook into mta's at smtp time - at each point, to be able to change messages, to be able to affect the smtp conversation directly. and it would be nice if there was a consistent way to do this across mta's (in the interests of tmda developer sanity).

anyway, random ramblings, never mind me.

kevin

-- 
[EMAIL PROTECTED] ~~ 8/1/01 fbi deputy director john o'neill resigned due to bush's policy on terrorism. they were told to "back off" their bin laden and al qaeda investigations while the bush admin negotiated with the Taliban.
--~~--~~--~~--~~--~~--~~--~~--~~-- http://www.rememberjohn.com/
_____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
