MESSAGE
| DATE | 2010-03-02 |
| FROM | Paul Robert Marino |
| SUBJECT | Re: [NYLXS - HANGOUT] this should not get through |
Oh, by the way, this doc http://www.postfix.org/BACKSCATTER_README.html covers exactly what you were originally talking about.

On 3/2/2010 4:39 PM, Paul Robert Marino wrote:
> well that's sort of what it's designed to do via several mechanisms
> one of which is documented here
> http://www.postfix.org/BUILTIN_FILTER_README.html
>
> another one commonly used can be found here
> http://www.postfix.org/ADDRESS_VERIFICATION_README.html
> this one actually attempts to verify that the from email address is
> legitimate.
>
> But for the most part it's usually done by looping the message through
> one or more external filtering applications
> http://www.postfix.org/MILTER_README.html
> this method is also commonly used to filter messages through Clam AV
> (Anti Virus)
>
> On 3/2/2010 4:09 PM, Ruben Safir wrote:
>> On Mon, Mar 01, 2010 at 11:17:06AM -0500, Paul Robert Marino wrote:
>>> the most efficient way to do it is in postfix prior to the delivery to
>>> the mailing list server.
>>> there are many anti-spoofing plugins you can use to attempt to detect
>>> and block it.
>>
>> How is postfix going to do this unless it opens the mail and parses it.
>> You don't want postfix to do that.
>>
>> Ruben
>>
>>> On 2/26/2010 7:40 PM, Ron Guerin wrote:
>>>> Ruben Safir wrote:
>>>>
>>>>> I'm sorry, I misunderstood you. You're saying that the mbox client, for
>>>>> lack of a better term, creates the From line in the mbox format from the
>>>>> envelope, and that it isn't strictly a header?
>>>>>
>>>>> I think you're right about that. I seem to remember reading that.
>>>>>
>>>>> That is a problem though. I can spoof any From: header with mutt in a
>>>>> second and so can any spammer. How the heck can you protect the mailing
>>>>> list?
>>>>
>>>> You can spoof the entire contents of an email including the envelope.
>>>> Nothing new there. I don't know much about Majordomo, but unless it has
>>>> native anti-abuse features or a plugin architecture to add them
>>>> yourself, this is all beside the point. By the time the message gets to
>>>> Majordomo, the question of whether or not to accept it has already been
>>>> made. You need to insert something in front of it, just like I'm
>>>> finding myself doing with GNU Mailman.
>>>>
>>>> GNU Mailman happens to have a very nice integrated feature for dealing
>>>> with list spam. But it doesn't apply that to mail that's just "passing
>>>> through" to the administrative addresses. So in order to spare myself
>>>> and everyone else who looks after the list from all the spam that tries
>>>> to get sent to those addresses, I have to intercept the mail before it
>>>> hits Mailman. That's what you're going to have to do as well in the
>>>> absence of any internal anti-abuse functionality in Majordomo.
>>>>
>>>> But for the sake of completeness, I'm now going to reverse gears and
>>>> assume that Majordomo does have internal anti-abuse features. If it
>>>> does, and all it bases its decisions on is who the mail appears to be
>>>> from, it's never going to be very useful because that's really the least
>>>> useful thing for determining what's spam and what's not. Trust no one,
>>>> analyze everything. Spam is still spam even when your mother sends it
>>>> to you.
>>>>
>>>> - Ron
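
The three Postfix mechanisms linked in this message (built-in header filtering, sender address verification, and milters), shown together as an added configuration sketch that is not part of the original thread or any poster's setup. The file paths, the example.org domain and the milter socket location are assumptions to adapt to the local install.

```conf
# ---- /etc/postfix/main.cf (added example; paths are assumptions) ----

# 1. Built-in content inspection (BUILTIN_FILTER_README).
#    Postfix matches each message header line against this table while
#    the message is being received, before it reaches the list manager.
header_checks = regexp:/etc/postfix/header_checks

# 2. Sender address verification (ADDRESS_VERIFICATION_README).
#    reject_unverified_sender probes the envelope sender's mail server
#    and caches the answer. It checks the envelope sender only, not the
#    From: header, and it generates outbound probe traffic.
address_verify_map = btree:$data_directory/verify_cache
unverified_sender_reject_code = 450
smtpd_sender_restrictions =
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    reject_unverified_sender

# 3. External filters over the milter protocol (MILTER_README).
#    The socket below is an assumed location for a ClamAV milter; any
#    milter-speaking spam or virus filter is attached the same way.
smtpd_milters = unix:/run/clamav/clamav-milter.ctl
# If the filter is unreachable, defer the mail rather than letting it
# through unscanned.
milter_default_action = tempfail

# ---- /etc/postfix/header_checks (regexp table; constructed sample) ----
# WARN only logs the match. Run in this mode first, review the log,
# then switch to REJECT once the pattern is known not to hit real mail.
# example.org stands in for the list's own domain.
/^From:.*@example\.org/    WARN From: header claims the list domain
```

After editing, `postfix check` reports syntax and permission problems and `postfix reload` applies the change.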