LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 03-06-2014, 10:49 AM   #16
Barcoboy
Member
 
Registered: May 2010
Distribution: Slackware
Posts: 60

Original Poster
Rep: Reputation: Disabled

Quote:
Originally Posted by jtsn View Post
Do they reject them with a 55x error code or do they accept (code 2xx) and then silently delete them? Because the latter is not correct RFC-conform behavior. Transport errors must be reported back to the sending SMTP.
Accept and then silently delete. In fact, according to the report that the tech sent me, the detection happens even before the DATA phase of the SMTP transaction:

Code:
Feb 27 13:35:51 mailfe1 msd[10484]: Linux Magic SMTPD started: connection from 198.48.197.226
Feb 27 13:35:51 mailfe1 msd[10484]: Created UUID 216e9432-9ff7-11e3-b903-00259014b752 for message
Feb 27 13:35:51 mailfe1 msd[10484]: EHLO command received, args: AlphaBase.mvtech.ca
Feb 27 13:35:52 mailfe1 msd[10484]: STARTTLS command received, args: TTLS
Feb 27 13:35:52 mailfe1 msd[10484]: CONNECTED using SSL
Feb 27 13:35:52 mailfe1 msd[10484]: EHLO command received, args: AlphaBase.mvtech.ca
Feb 27 13:35:52 mailfe1 msd[10484]: MAIL command received, args: From:<no-harvest@mvtech.ca>
Feb 27 13:35:52 mailfe1 msd[10484]: Doing server-wide checks
Feb 27 13:35:52 mailfe1 msd[10484]: Done server-wide checks
Feb 27 13:35:52 mailfe1 msd[10484]: RCPT command received (198.48.197.226), args: To:<majordomo@slackware.com>
Feb 27 13:35:52 mailfe1 msd[10484]: IP country code[198.48.197.226] = "CA"
Feb 27 13:35:52 mailfe1 msd[10484]: domain country code[no-harvest@mvtech.ca] = "**"
Feb 27 13:35:52 mailfe1 msd[10484]: domain country code[AlphaBase.mvtech.ca] = "CA"
Feb 27 13:35:52 mailfe1 msd[10484]: Doing server-wide checks
Feb 27 13:35:52 mailfe1 msd[10484]: Done server-wide checks
Feb 27 13:35:52 mailfe1 msd[10484]: RCPT address [majordomo@slackware.com] is local
Feb 27 13:35:52 mailfe1 msd[10484]: User spam rules loaded successfully
Feb 27 13:35:52 mailfe1 msd[10484]: User spam checking enabled
Feb 27 13:35:52 mailfe1 msd[10484]: SPAM HIT: check_dynamic_reverse_dns
Feb 27 13:35:52 mailfe1 msd[10484]: Adding flag for quarantine.
Feb 27 13:35:52 mailfe1 msd[10484]: DATA command received, args:
Feb 27 13:35:53 mailfe1 msd[10484]: incrementing hop count
Feb 27 13:35:53 mailfe1 msd[10484]: incrementing hop count
Feb 27 13:35:53 mailfe1 msd[10484]: virus scan: /var/spool/qmail/mess/16/613771: OK
Feb 27 13:35:53 mailfe1 msd[10484]: virus scan: /----------- SCAN SUMMARY -----------/Infected files: 0/Time: 0.001 sec (0 m 0 s)
Feb 27 13:35:53 mailfe1 msd[10484]: Returning 250 ok [qp 10513] for data
Feb 27 13:35:53 mailfe1 msd[10484]: QUIT command received, args:
Feb 27 13:35:53 mailfe1 msd[10484]: Exiting (bytes in: 270 out: 320)
 
Old 03-06-2014, 11:39 AM   #17
Barcoboy
Member
 
Registered: May 2010
Distribution: Slackware
Posts: 60

Original Poster
Rep: Reputation: Disabled
Well I got another reply from Succeed.net... basically a "this is how our server is configured and we're not changing it, go away" type of reply. Not that I am surprised or anything.
 
Old 03-06-2014, 01:30 PM   #18
jtsn
Member
 
Registered: Sep 2011
Posts: 925

Rep: Reputation: 483Reputation: 483Reputation: 483Reputation: 483Reputation: 483
Quote:
Originally Posted by Barcoboy View Post
Well I got another reply from Succeed.net... basically a "this is how our server is configured and we're not changing it, go away" type of reply. Not that I am surprised or anything.
These lazy pals are the people who break reliable Internet e-mail for all of us, not the spammers. So the slackware.com MX is officially a black hole. BTW: It's perfectly valid to check various sending host requirements at the HELO/EHLO state and reject connections, just as AOL does. But I would never configure my own MX the way succeed.net did, because accepting and silently suppressing electronic mail can have legal consequences over here.
 
Old 03-11-2014, 11:43 AM   #19
Barcoboy
Member
 
Registered: May 2010
Distribution: Slackware
Posts: 60

Original Poster
Rep: Reputation: Disabled
Well I got it working. I was able to take a few basic mail headers and put them in a text file, place my subscribe command a couple of lines later, copied everything to the clipboard, then on one of the mail servers that I look after at work (which is on a static IP and has a proper PTR DNS record) did a telnet to port 25 of cwo.mail.com, and did a manual SMTP transaction using my mvtech.ca email address in both the "MAIL FROM" SMTP command and the "From:" header in the fake message. Pasted my message after the DATA command, and the other side accepted it, and a few minutes later I got a delivery from Majordomo to mvtech.ca asking me to confirm my subscribe request. Changed the date header of my fake message (added a minute to the time) and copy/pasted the "auth ....... subscribe" command from Majordomo, telnetted again to cwo.mail.com on port 25, and they again accepted my message and Majordomo completed the subscription.

Just for fun afterwards, I sent a proper message from my mvtech.ca mail server to Majordomo, but did not receive a response; just wanted to see if Succeed.net had actually changed their DNS PTR rejection policy, but it appears not. So they accept a forged mail message from me, but reject a legitimate one... NICE!
 
Old 03-11-2014, 12:52 PM   #20
perbh
Member
 
Registered: May 2008
Location: Republic of Texas
Posts: 393

Rep: Reputation: 81
Gotta just luv the resources herein ...
 
Old 03-11-2014, 02:29 PM   #21
jtsn
Member
 
Registered: Sep 2011
Posts: 925

Rep: Reputation: 483Reputation: 483Reputation: 483Reputation: 483Reputation: 483
Quote:
Originally Posted by Barcoboy View Post
Just for fun afterwards, I sent a proper message from my mvtech.ca mail server to Majordomo, but did not receive a response; just wanted to see if Succeed.net had actually changed their DNS PTR rejection policy, but it appears not. So they accept a forged mail message from me, but reject a legitimate one... NICE!
They don't reject anything, do they? They're just silently dropping it, right?

I recommend setting up an SPF record for mkvtech.ca to point to the actual IP address range of your outgoing mail relay. So at least correctly configured mail servers would reject this sort of forgery. There are also settings for finetuning MX and PTR checks.
 
Old 03-11-2014, 02:35 PM   #22
Barcoboy
Member
 
Registered: May 2010
Distribution: Slackware
Posts: 60

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jtsn View Post
They don't reject anything, do they? They're just silently dropping it, right?
Yes, that is correct... they do accept the message but then silently discard it. Sorry for the confusion.

Quote:
Originally Posted by jtsn View Post
I recommend setting up an SPF record for mkvtech.ca to point to the actual IP address range of your outgoing mail relay. So at least correctly configured mail servers would reject this sort of forgery. There are also settings for finetuning MX and PTR checks.
I do have an SPF record for my mail server:
Code:
v=spf1 mx ptr mx:mx.mvtech.ca ~all
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Python - Sorting Lists inside of Lists LXer Syndicated Linux News 0 06-06-2013 02:00 PM
How are opt-in e-mail lists distinguished from spam lists? Travis86 Programming 2 01-29-2012 09:55 PM
dependency lists w/ slackware slackpkg vendtagain Linux - Newbie 1 12-13-2009 04:51 PM
LXer: Unique Sorting Of Lists And Lists Of Lists With Perl For Linux Or Unix LXer Syndicated Linux News 0 09-05-2008 02:50 PM
LXer: Majordomo Mailing Lists Configuration LXer Syndicated Linux News 0 05-31-2006 06:21 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 06:35 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration