Relay thru sys in whitelist

Vernon Schryver vjs@calcite.rhyolite.com
Sat Jun 29 23:45:51 UTC 2002


> From: "Rose, Bobby" <brose@med.wayne.edu>

> ...
> Yeh I suppose the received headers could be forged but it would have to
> be forged by the SMTP system accepting the message wouldn't it?  

No, it is almost always forged by the true origin of the message
in order to misdirect complaints.

>                                                                  If so,
> it would be easy to pick out after awhile and such a system could be
> blacklisted altogether.

Blacklisting the true origin would be blacklisting the spammer.  The
rub is twofold.  First even humans have trouble picking out which
Received header lines in a chain are forged and computers are hopeless.
Second, you need to convince every SMTP system that ever sends mail
to yours to use that blacklist.  The systems you'd like most to use
that blacklist are open relays and now open proxies.  However, if they
were well enough maintained to use any blacklist, they probably wouldn't
be open relays or proxies and so wouldn't need to use that blacklist, or
at least not for your benefit.


>                                     ... Now I didn't know about the dccm
> being able to hash out the sendmail access list but I'm not certain that
> will do much.  If *.wayne.edu is whitelisted in the dccm list, what
> would be the change if it was whitelisted in the access map instead?

You can't put "*.wayne.edu" into a dccm whiteclnt file, because the
DCC is based entirely on checksums and not regular expressions.
Sendmail also doesn't enjoy regular expressions for strings and
only recently started doing them at all.  However, sendmail has
always been able to make decisions on substrings of tokens in addresses.
It has always been possible to tell sendmail to do something different
for *.wayne.edu by telling it to look for any tokens followed by "wayne" 
"." "edu".  The sendmail access_db mechanism works by looking up in its
database all three possibilities in "med.wayne.edu" and stopping when
it finds the first matching record.  A line like:

   from:wayne.edu	OK

would tell sendmail that mail with an envelope Mail_From value containing
any wayne.edu domain is OK.
With the `misc/hackmc -O` changes to sendmail.mc/cf, dccm will take
sendmail's word that such mail is OK.


Vernon Schryver    vjs@rhyolite.com
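
The following is an added example, not part of the original message and not code from sendmail or the DCC. It models only the domain lookups the message describes (the domain, then each parent, stopping at the first record) beside an exact-match checksum whitelist. The function names, the sample addresses and the use of SHA-256 as a stand-in checksum are assumptions.

```python
import hashlib

# Constructed access map holding the single record quoted in the message.
ACCESS_DB = {"from:wayne.edu": "OK"}


def domain_candidates(domain):
    """Yield the domain and each parent domain, most specific first."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def access_lookup(mail_from, db=ACCESS_DB, tag="from:"):
    """Return (key, value) for the first matching record, or None."""
    domain = mail_from.strip("<>").rpartition("@")[2]
    for candidate in domain_candidates(domain):
        key = tag + candidate
        if key in db:
            return key, db[key]  # stop at the first matching record
    return None


def checksum(value):
    # Stand-in digest (assumption): SHA-256, not the checksum the DCC uses.
    return hashlib.sha256(value.lower().encode()).hexdigest()


def checksum_whitelisted(mail_from, whitelist):
    """Exact-match test: only an identical value gives the same checksum."""
    return checksum(mail_from.strip("<>")) in whitelist


if __name__ == "__main__":
    # Constructed envelope senders.
    for sender in ("<user@med.wayne.edu>", "user@notwayne.edu"):
        print(sender, "->", access_lookup(sender))
    # A checksum of the literal pattern never equals a real sender's checksum.
    pattern_only = {checksum("*.wayne.edu")}
    print(checksum_whitelisted("user@med.wayne.edu", pattern_only))
```

Because the lookup walks whole domain labels, `notwayne.edu` does not match the `wayne.edu` record, while a checksum whitelist needs one entry per exact value.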


