Mailinglist Archive: opensuse-security (88 mails)

< Previous Next >
Re: [suse-security] ezmlm warning
  • From: David Bolt <fhfr-frp@xxxxxxxxxx>
  • Date: Mon, 3 Apr 2006 12:23:26 +0100
  • Message-id: <7abME$EuWQMEFwMU@xxxxxxxxxxxxxxxxxxx>
On Mon, 3 Apr 2006, Arjen de Korte <suse+security@xxxxxxxxxxxx> wrote:-

>[...]
>
>> If it had been bounced, that would be a different thing. In that case,
>> the mail would have been accepted, a new mail created and this new mail
>> sent to the possibly forged sender.
>
>Carlos was right in his observation, that's exactly what's happened here.
>See the following lines from the bounce message:

Re-reading the headers, he was right.

<Snip>

>Diagnostic-Code: X-Postfix; host 127.0.0.1[127.0.0.1] said: 550 5.7.1 Message
> content rejected, UBE, id=32402-01-62 (in reply to end of DATA command)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

That was the bit that I noted, not reading the rest of the line
properly.

>So the bounce message was generated by a different MTA than the SuSE
>mailinglist server was talking to, which means that this is a case of
>accept-then-bounce-later, which is bad for the reasons you already
>mentioned. Unfortunately, this is done by the OP's ISP, so short of
>complaining about this, there is probably little he can do about it.

Unfortunately that's true. The bad news for the OP is that, because
their ISP is operating in that fashion, there are some people, myself
included[0], who would add the IP addresses of the servers that bounce
mail to local block lists.


[0] after being on the receiving end of several thousand bounces due to
accept-then-bounce policies in place at some ISPs, I've been using this
as method of self-defence.

Regards,
David Bolt

--
Member of Team Acorn checking nodes at 50 Mnodes/s: http://www.distributed.net/
AMD1800 1Gb WinXP/SUSE 9.3 | AMD2400 256Mb SuSE 9.0 | A3010 4Mb RISCOS 3.11
AMD2400(32) 768Mb SUSE 10.0 | Falcon 14Mb TOS 4.02 | A4000 4Mb RISCOS 3.11
AMD2600(64) 512Mb SUSE 10.0 | | RPC600 129Mb RISCOS 3.6

< Previous Next >
Follow Ups