MESSAGE
| DATE | 2010-03-02 |
| FROM | Paul Robert Marino
|
| SUBJECT | Re: [NYLXS - HANGOUT] this should not get through
|
From owner-hangout-outgoing-at-mrbrklyn.com Tue Mar 2 16:39:18 2010
Return-Path:
X-Original-To: archive-at-mrbrklyn.com
Delivered-To: archive-at-mrbrklyn.com
Received: by www2.mrbrklyn.com (Postfix)
id 6666C5401E; Tue, 2 Mar 2010 16:39:18 -0500 (EST)
Delivered-To: hangout-outgoing-at-www2.mrbrklyn.com
Received: by www2.mrbrklyn.com (Postfix, from userid 28)
id 55687542E8; Tue, 2 Mar 2010 16:39:18 -0500 (EST)
Delivered-To: hangout-at-mrbrklyn.com
Received: from mail-fx0-f219.google.com (mail-fx0-f219.google.com [209.85.220.219])
by www2.mrbrklyn.com (Postfix) with ESMTP id B63D95401E
for ; Tue, 2 Mar 2010 16:39:17 -0500 (EST)
Received: by fxm19 with SMTP id 19so843840fxm.21
for ; Tue, 02 Mar 2010 13:39:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:message-id:date:from
:user-agent:mime-version:to:subject:references:in-reply-to
:content-type:content-transfer-encoding;
bh=iycGliFKRVVnL50gci0J4tiIKp+WLSfZrLTkGKBGPvo=;
b=lW5AoZsCbqJT4WCD9tgHzCVrUmuXmuN3qDaihcJKDnQ+u+BcnjwTWL/r08QM9Wjj4w
jMpjyBXJYIGIQ0pv0fb9lMsRZzAbG4RSoKpd8+0xpr5KaA46uWyE20CLa8i0el1J8Erp
uxD2c1XJqwcJK2+n/HzSl2ZQ6q38NCrf9CMFw=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=message-id:date:from:user-agent:mime-version:to:subject:references
:in-reply-to:content-type:content-transfer-encoding;
b=Q0AgFe0aMFxJxu7/qwXndVQxL4R7pYMeLJEdwdtjFXsE6LtO4v4rRRgNxGtDp6QkCK
30Gm/96/B6ihogR8kCLwvkQ/eUbRbI7Lbr1CoXb5h5oWr+cuE979Te1uKRkm6ZPp79ej
eH2C+cII3OTlMTd7+0vcq2R39adQFkkN/MwKE=
Received: by 10.223.100.150 with SMTP id y22mr7156876fan.99.1267565995700;
Tue, 02 Mar 2010 13:39:55 -0800 (PST)
Received: from ?192.168.1.102? (cpe-24-90-197-206.nyc.res.rr.com [24.90.197.206])
by mx.google.com with ESMTPS id 1sm110216fks.24.2010.03.02.13.39.53
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Tue, 02 Mar 2010 13:39:54 -0800 (PST)
Message-ID: <4B8D85A9.8040606-at-gmail.com>
Date: Tue, 02 Mar 2010 16:39:53 -0500
From: Paul Robert Marino
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.8) Gecko/20100216 Thunderbird/3.0.2
MIME-Version: 1.0
To: hangout-at-mrbrklyn.com
Subject: Re: [NYLXS - HANGOUT] this should not get through
References: <20100224055246.GA1602-at-panix.com> <199792.78675.qm-at-web38008.mail.mud.yahoo.com> <20100225044004.GA15620-at-panix.com> <4B8688E8.8010602-at-vnetworx.net> <20100225152032.GA10545-at-panix.com> <4B86A203.9020401-at-vnetworx.net> <20100226040955.GA16119-at-panix.com> <4B886A0E.50005-at-vnetworx.net> <4B8BE882.50904-at-gmail.com> <20100302210902.GA22571-at-panix.com>
In-Reply-To: <20100302210902.GA22571-at-panix.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-hangout-at-mrbrklyn.com
Precedence: bulk
Reply-To: hangout-at-mrbrklyn.com
well that's sort of what its designed to do via several mechanisms
one of which is documented here
http://www.postfix.org/BUILTIN_FILTER_README.html
another one commonly used can be found here
http://www.postfix.org/ADDRESS_VERIFICATION_README.html
this one actually attempts to verify that the from email address is
legitimate.
But for the most part its usually done by looping the message through
one or more external filtering applications
http://www.postfix.org/MILTER_README.html
this method is also commonly used filter messages through Clam AV (Anti
Virus)
On 3/2/2010 4:09 PM, Ruben Safir wrote:
> On Mon, Mar 01, 2010 at 11:17:06AM -0500, Paul Robert Marino wrote:
>
>> the most efficient way to do it is in postfix prior to the delivery to
>> the mailing list server.
>> there are many anti-spoofing plugins you can use to attempt to detect
>> and block it.
>>
>>
>
> How is postifx going to do this unless it opens the mail and parses it.
> You don't want postfix to do that.
>
> Ruben
>
>
>>
>> On 2/26/2010 7:40 PM, Ron Guerin wrote:
>>
>>> Ruben Safir wrote:
>>>
>>>
>>>> I'm sorry, I missunderstood you. Your saying that the mbox client, for
>>>> lack of a better term, creates the From line in the mbox format from the
>>>> envelope, and that it isn't strictly a header?
>>>>
>>>> I think your right about that. I seem to remember reading that.
>>>>
>>>> That is a problem though. I can spoof any From: header with mutt in a
>>>> second and so can any spammer. How the heck can you protect the mailing
>>>> list?
>>>>
>>>>
>>>>
>>> You can spoof the entire contents of an email including the envelope.
>>> Nothing new there. I don't know much about Majordomo, but unless it has
>>> native anti-abuse features or a plugin architecture to add them
>>> yourself, this is all beside the point. By the time the message gets to
>>> Majordomo, the question of whether or not to accept it has already been
>>> made. You need to insert something in front of it, just like I'm
>>> finding myself doing with GNU Mailman.
>>>
>>> GNU Mailman happens to have a very nice integrated feature for dealing
>>> with list spam. But it doesn't apply that to mail that's just "passing
>>> through" to the administrative addresses. So in order to spare myself
>>> and everyone else who looks after the list from all the spam that tries
>>> to get sent to those addresses, I have to intercept the mail before it
>>> hits Mailman. That's what you're going to have to do as well in the
>>> absense of any internal anti-abuse functionality in Majordomo.
>>>
>>> But for the sake of completeness, I'm now going to reverse gears and
>>> assume that Majordomo does have internal anti-abuse features. If it
>>> does, and all it bases its decisions on is who the mail appears to be
>>> from, it's never going to be very useful because that's really the least
>>> useful thing for determining what's spam and what's not. Trust no one,
>>> analyze everything. Spam is still spam even when your mother sends it
>>> to you.
>>>
>>> - Ron
>>>
>>>
>>
|
|
