[Asterisk-Users] Digium list server and spam assassin
Tony Hoyle
tmh at nodomain.org
Thu Oct 20 17:31:15 MST 2005
Pete Barnwell wrote:
> "...
> Section 4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO)
>
Wrong part of the RFC.. that has nothing to say on this issue (other
than allowing [216.207.245.2] as a valid string, which neatly bypasses
your reverse check anyway).
Section 3.6 is what you're looking for:
"The domain name given in the EHLO command MUST BE either a primary
host name (a domain name that resolves to an A RR) or, if the host
has no name, an address literal as described in section 4.1.1.1."
Note that there is *no* requirement for the reverse DNS to match, or
even exist, only that the domain name given must resove to an A record
for the sending host.
The digium mailserver is conforming to this RFC exactly.
Of course you're free to make it equal to your reverse DNS also... just
that the RFC doesn't require it at all.
Section 4.1.4 is also relevant:
"An SMTP server MAY verify that the domain name parameter in the EHLO
command actually corresponds to the IP address of the client.
However, the server MUST NOT refuse to accept a message for this
reason if the verification fails: the information about verification
failure is for logging and tracing only."
Note the MUST NOT here. Anything that rejects based on that information
is breaking the RFC. It is of course free to do so - RFCs are voluntary
after all - but it is not the fault of the sender in this case.
> If people would get this right we could eliminate 90% of current spam
> overnight. (Spammers would change their tactics, but why make matters
> easier for them?)
Nonsense. Enforcing arbitrary rules on the HELO field isn't going to
change anything - in fact most of the spam I have has a valid HELO since
it comes through zombies, open proxies, spam-friendly ISPs (*cough* mci
*cough*) etc.
There are no magic ways of stopping spam. It's a social problem not a
technological one. Make it illegal to knowingly host a spammer, make it
illegal to use a spammer to ply your trade, lots of things might work
(if politicians had the balls to enact the laws) but fiddling with the
protocol isn't helping.
Tony
More information about the asterisk-users
mailing list