Mailinglist Archive: opensuse-security (88 mails)

< Previous Next >
Re: [suse-security] ezmlm warning
  • From: David Bolt <fhfr-frp@xxxxxxxxxx>
  • Date: Mon, 3 Apr 2006 10:13:05 +0100
  • Message-id: <F14z$vDhcOMEFwof@xxxxxxxxxxxxxxxxxxx>
On Mon, 3 Apr 2006, Carlos E. R. <robin1.listas@xxxxxxxxxx> wrote:-


>3) Then, you, or your server, rejected the email because you considered it
>spam - that is a thing that never should happen. You should store spam on
>another folder, but never bounce it back: the "from" address is usually
>faked, or may belong to somebody else that knows nothing about it. Worse,
>it can be the spammer, that then knows that your address is valid.

Here's where you made a small mistake. The mail was rejected by the OPs
ISP which means that, as far as the OP is concerned, it was never
received. Since delivery wasn't accepted, SUSEs server still had
responsible for it. What SUSEs server did after that is entirely up to
their mail admin and nothing to do with the OP.

If it had been bounced, that would be a different thing. In that case,
the mail would have been accepted, a new mail created and this new mail
sent to the possibly forged sender.

As a so-so analogy, it is the same as someone knocking on your door to
hand you a parcel. If you don't take it, the person trying to deliver it
has to send it back to the alleged sender. If you do accept it then
change your mind, you get to send it back.

Unfortunately, this analogy isn't perfect. The reason being that there
are a few points at which email can be rejected:

1, at the EHLO/HELO, which begins the transaction;
2, at the MAIL FROM, if you don't like the sender address;
3, at the RCPT TO, if the receiver address doesn't exist, or connecting
server is listed on a DNSBL, either public or private;
4, at the DATA, for example there is a mail quota in place and if the
sender says the mail will be 10MB and there's only 9MB free for the
5, at the end of the data section, for example where a virus scanner or
spam filter returns a code saying the mail contains a virus or is spam.

It's the last one that's the real difference. With postal mail you don't
get to check the package contents for harmful or unwanted things before
you accept it.

>|> <karsites at>: host[] said: 550
>5.7.1 Message
>|> content rejected, UBE, id=32402-01-62 (in reply to end of DATA command)
>Therefore, the email got bounced back to SuSE, to the list server. This
>decides then, as should be, that you are unreachable and should be
>unsubscribed; but first it sends you a probe to check if it was a
>temporary problem:

That part is correct. Any good mailing list should do the same.


>In conclusion: it is your fault :-P

Actually, I'd say the fault was with the mailing list manager software
SUSE chose to use.

Either ezmlm accepted what I can only assume was a rejection notice or
bounce from service{at} as the confirmation required to
complete the subscription, or it is even more broken in that it allows
non-subscribers to post to the mailing lists. My guess it the former,
since I've received a rejection when trying to send replies using the
wrong email address.

David Bolt

Member of Team Acorn checking nodes at 50 Mnodes/s:
AMD1800 1Gb WinXP/SUSE 9.3 | AMD2400 256Mb SuSE 9.0 | A3010 4Mb RISCOS 3.11
AMD2400(32) 768Mb SUSE 10.0 | Falcon 14Mb TOS 4.02 | A4000 4Mb RISCOS 3.11
AMD2600(64) 512Mb SUSE 10.0 | | RPC600 129Mb RISCOS 3.6

< Previous Next >