[lug] Getting mail out of the Qwest/MSN mire

Sean Reifschneider jafo at tummy.com
Mon Jul 10 00:48:52 MDT 2006


On Sun, Jul 09, 2006 at 04:21:13PM -0600, Bear Giles wrote:
>checks(*) on the envelope and headers and refuse the message if it 
>fails.  But if I accept it, it's going to the appropriate folder.  That 

I fully agree.  Block it in SMTP or deliver it if at all possible.
vPostMaster checks the quota at SMTP time even.  However, SMTP doesn't
really allow a good way for a multi-recipient message to have body checking
done at SMTP time.  What if one recipient thinks it's spam and one does
not?  There's no way in the DATA phase to accept one recipient and reject
another.  It would be nice if in response to the "." you could return a
response for each recipient.

This is one of the problems with confirmation systems: they tend to be done
at delivery time.  I've been toying with the idea of a confirmation system
which worked at RCPT time.  Kind of like greylisting.  "If I haven't seen
mail from X, to Y, coming from IP/netblock Z" before, then reject it with a
URL they can go to to confirm they are not a spammer.

Of course, hashcash is kind of already like that.  But, it's rare to see
anyone who publishes Hashcash on their outgoing messages, even though
SpamAssassin severely benefits messages with Hashcash.  I just checked my
logs, and so far this month the only messages with Hashcash I've seen have
been from tummy.com people.

>I'll be the first to admit that that's a luxury, one that will end when 
>email viruses start targeting Linux and/or Thunderbird.

If you send virus warning messages back to the sender, you are part of the
problem, not part of the solution.  It's not a luxury to not do that, it's
absolutely required.  That's my opinion.

>(*) I suspect the best single thing you can do is add a HELO check that 
>drops any message purporting to come from your own domain or IP 
>address.  It's quick, it's cheap, and there is absolutely no legitimate 
>reason for somebody to impersonate the receiving node.

Absolutely.  I've been running those checks for almost 2 years now and
they drop a buttload of e-mail.  Here's some information about what I was
seeing when I set it up:

   http://www.tummy.com/journals/entries/jafo_20041215_111632

There I said I was seeing that 20% of incoming connections were being
blocked because of "HELO <MY IP>".

Thanks,
Sean
-- 
 Gone Postal Sort: Iterate over elements, any element that is out of order you
 blow away.  -- Evelyn, Kevin, and Sean, watching Monty Python and reading DDJ
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability
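
Added example, not part of the original message and not the configuration either poster runs: a sketch of the HELO check discussed above, rejecting a HELO/EHLO argument that claims the receiving server's own domain or IP address. The domain, addresses, trusted networks, the 550 reply code and the function names are all constructed assumptions; the trusted-network exemption is there because the server's own hosts may legitimately use its names.

```python
import ipaddress

# Constructed sample configuration (documentation-reserved names and ranges).
OWN_DOMAINS = {"example.org"}
OWN_ADDRESSES = {ipaddress.ip_address("192.0.2.25")}
TRUSTED_NETS = [ipaddress.ip_network("127.0.0.0/8"),
                ipaddress.ip_network("192.0.2.0/24")]


def parse_helo_address(helo):
    """Return an ip_address if the HELO argument is an IP, else None.

    Accepts a bare address as well as the address-literal forms
    "[192.0.2.25]" and "[IPv6:2001:db8::1]".
    """
    text = helo.strip()
    if text.startswith("[") and text.endswith("]"):
        text = text[1:-1]
        if text.lower().startswith("ipv6:"):
            text = text[5:]
    try:
        return ipaddress.ip_address(text)
    except ValueError:
        return None


def check_helo(helo, client_ip):
    """Return (smtp_code, text) for a HELO/EHLO argument sent by client_ip."""
    client = ipaddress.ip_address(client_ip)
    # Our own hosts may use our names and addresses; everyone else may not.
    if any(client in net for net in TRUSTED_NETS):
        return 250, "ok (trusted client)"
    addr = parse_helo_address(helo)
    if addr is not None:
        if addr in OWN_ADDRESSES:
            return 550, "HELO claims this server's IP address"
        return 250, "ok"
    # Hostname form: compare case-insensitively, ignoring a trailing dot.
    name = helo.strip().rstrip(".").lower()
    for domain in OWN_DOMAINS:
        if name == domain or name.endswith("." + domain):
            return 550, "HELO claims this server's domain"
    return 250, "ok"
```
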



