-----Original Message-----
Sent: Sunday, January 09, 2005 7:39 PM
Subject: RE: blowback, was A new SMTP "3821" [Re: FTC stuff...........]
Post by M***@hbinc.com
The blowback issue is different from this. Blowback happens whenever anyone _rejects_ emails based on SPF.
Fair enough
A bounce is generated from the relay to the forged sender.
Post by M***@hbinc.com
Is it? If the receiving MTA issues an SMTP reject command, it does not assume any responsibility for the delivery of the mail. It will therefore not generate a spurious bounce message.
This isn't how most current SMTP servers behave. (Sendmail/Qmail/Postfix/Exchange, anyway) If the receiving MTA rejects mail, the sending MTA generates a bounce to the sender. The sender of course, can be forged.
Agreed, but nearsighted. If the sending MTA had done some sort of validation to ensure the message
was not forged when it accepted it, then we wouldn't have a blowback problem. You cannot blame
subsequent MTAs in the path for detecting and rejecting bad email when it's something the first hop
MTA could (and should) have done in the first place!
His point I think is that if the virus is trying to send directly to the MTA it would get rejected
with no bounce back (because the virus wouldn't process a bounce).
If an MTA.1 accepted a virus message, and tried relaying it to MTA.2, when MTA.2 rejects it as
forged, and MTA.1 processes a bounce, well, NO SYMPATHY FOR MTA.1, it should have taken steps to
prevent the virus/forgery etc from being accepted by itself in the FIRST PLACE.
Post by M***@hbinc.com
If the sending MTA generates a bounce message, then it's likely not a virus or other malware likely to forge a sender address.
???
This too is wrong. Many viruses send "forged" bounces containing a virus.
The statement was that virus infected machines don't usually process bounces if an MTA rejects its
transmission attempt. And the statement *is* correct.
One cannot assume that because you opened a bounce, the message will not contain a virus. Further, a genuine bounce with an undelivered message may contain a virus in the undelivered message.
True, but what is your point? The question at hand was "If the MTA rejects a message, does this
cause a blowback problem":
Case 1: Message is arriving from the virus itself:
-no blowback, viruses will usually ignore the rejection
Case 2: Message is arriving from an MTA that accepted the message from a virus:
-no sympathy for the bounce, the MTA should have rejected the virus message in the first place.
Is there a real issue with blowback? NO: There are plenty of ways of dealing with blowback until
all the MTAs are upgraded to provide some sort of MTA authentication to deal with forgery and
reject it at the first hop. (Yes, even silently dropping the bounces, something which large ISPs
often do already ANYWAY).
Terry Fielder
Post by M***@hbinc.com
Matthew.van.Eerde (at) hbinc.com 805.964.4554 x902
Hispanic Business Inc./HireDiversity.com Software Engineer
perl -e"map{y/a-z/l-za-k/;print}shift" "Jjhi pcdiwtg Ptga wprztg,"
--
Av8 Internet Prepared to pay a premium for better service?
www.av8.net faster, more reliable, better service
617 344 9000
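
Added example, not part of the original thread: a small Python model of the cases argued above, showing which host ends up generating a bounce to a forged envelope sender when a later hop rejects at SMTP time. The `Msg`, `MTA` and `deliver` names, the `checks_sender` flag (a stand-in for an SPF-style check) and the example.org/example.net addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Msg:
    envelope_from: str  # MAIL FROM as claimed on the wire; may be forged
    real_sender: str    # constructed ground truth, used only by this model

@dataclass
class MTA:
    name: str
    checks_sender: bool  # assumption: stands in for an SPF-style check at SMTP time

    def accepts(self, msg: Msg) -> bool:
        forged = msg.envelope_from != msg.real_sender
        return not (self.checks_sender and forged)

def deliver(msg: Msg, hops: list) -> tuple:
    """Pass msg along hops; return (outcome, bounces).

    bounces lists (host that generated the bounce, address it was sent to).
    """
    holder = None  # MTA currently responsible for the message; None = submitting client
    for mta in hops:
        if mta.accepts(msg):
            holder = mta  # responsibility for delivery moves to this hop
            continue
        # SMTP-time reject: the rejecting MTA never accepted responsibility,
        # so it generates no bounce of its own.
        if holder is None:
            # Case 1: the submitting client (e.g. a virus) only sees the 5xx;
            # assumed to ignore it, as the thread says viruses usually do.
            return f"rejected by {mta.name}", []
        # Case 2: an earlier hop accepted the message and now owes a bounce
        # to the envelope sender, which is the forged address.
        return f"rejected by {mta.name}", [(holder.name, msg.envelope_from)]
    return "delivered", []

# Constructed sample messages: a virus forging victim@example.org, and a genuine sender.
FORGED = Msg(envelope_from="victim@example.org", real_sender="infected-pc@example.net")
GENUINE = Msg(envelope_from="alice@example.org", real_sender="alice@example.org")

if __name__ == "__main__":
    lax, strict, mta2 = MTA("MTA.1", False), MTA("MTA.1", True), MTA("MTA.2", True)
    print("virus direct to MTA.2:   ", deliver(FORGED, [mta2]))
    print("virus via lax MTA.1:     ", deliver(FORGED, [lax, mta2]))
    print("virus via checking MTA.1:", deliver(FORGED, [strict, mta2]))
    print("genuine mail:            ", deliver(GENUINE, [strict, mta2]))
```

Only the path through an MTA.1 that accepts without checking produces a bounce to the forged address, and that bounce is generated by MTA.1, not by the rejecting MTA.2.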