[Mailman-Users] non-subscribers getting through--email address in "Real Name"
heller at deepsoft.com
Thu Jul 19 18:01:30 EDT 2018
At Thu, 19 Jul 2018 14:17:55 -0600 Grant Taylor <gtaylor at tnetconsulting.net> wrote:
> On 07/19/2018 11:44 AM, Robert Heller wrote:
> > All of which can be spoofed.
> Yes. Just about everything can be spoofed to some degree. It really
> depends on what information the owner of the purported sending domain
> publishes and what filtering / consumption of said information the
> receiving server exercises.
> I personally feel like Mailman, and many other similar things, should
> sit behind an external / edge SMTP server that does some of the heavy
> lifting and provides detection of and possibly protection against many
Yes, of course.
> > Mailman does not make any checks of the "Received:" headers (where the
> > bogosity of the other headers can be determined or can flag messages as
> > containing possibly spoofed headers).
> I agree that there is some data in the Received: headers that may
> indicate a problem. But such information is difficult to consistently /
> reliably / accurately extract or parse /without/ false positives. It
> can also be difficult to correlate information across headers and
> determine what should and should not be allowed. Let's not forget that
> it's equally easy to spoof Received: headers as it is to spoof other
> headers. }:-)
I have found that just "holding" messages from a non-reversed DNS "server"
(e.g. "Received: ... from ... unknown (nnn.nnn.nnn.nnn)") results in only a
small number of false positives. Better a *few* false positives, than tons
of spam. Firewalling IP blocks, either with an actual firewall (iptables) or
via access control, helps a great deal.
Robert Heller -- 978-544-6933
Deepwoods Software -- Custom Software Services
http://www.deepsoft.com/ -- Linux Administration Services
heller at deepsoft.com -- Webhosting Services
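
An added example, not part of the original post and not Mailman code: a sketch of the "hold when the connecting host has no reverse DNS" rule discussed above. It reads only the Received header stamped by the receiving server, since the ones below it are sender-supplied. The header layouts, host names and the `trusted_hops` parameter are assumptions.

```python
import re
from email import message_from_string

# "unknown" in the reverse-DNS slot followed by the client IP. Covers the
# "unknown (192.0.2.1)" layout quoted in the post and the bracketed
# "(unknown [192.0.2.1])" layout (assumed; adjust to your MTA's stamp).
NO_RDNS = re.compile(r"\bunknown\s*[(\[]\s*(\d{1,3}(?:\.\d{1,3}){3})\s*[)\]]")

def trusted_received(msg, trusted_hops=1):
    """Received headers are prepended, so the first `trusted_hops` entries
    were written by our own servers; anything below is sender-supplied."""
    return (msg.get_all("Received") or [])[:trusted_hops]

def hold_reason(raw, trusted_hops=1):
    """Return the client IP if a trusted hop logged no reverse DNS, else None."""
    msg = message_from_string(raw)
    for header in trusted_received(msg, trusted_hops):
        unfolded = " ".join(header.split())          # undo header folding
        from_clause = unfolded.split(" by ", 1)[0]   # ignore "by ... for ..." part
        match = NO_RDNS.search(from_clause)
        if match:
            return match.group(1)
    return None

# Constructed sample messages (documentation addresses, hypothetical hosts).
NO_PTR = (
    "Received: from mail.example.net (unknown [203.0.113.45])\n"
    "\tby lists.example.org with ESMTP; Thu, 19 Jul 2018 18:01:30 -0400\n"
    "From: someone@example.net\nSubject: hello\n\nbody\n"
)
FORGED_LOWER = (
    "Received: from mx.example.com (mx.example.com [198.51.100.7])\n"
    "\tby lists.example.org with ESMTP; Thu, 19 Jul 2018 18:01:30 -0400\n"
    "Received: from relay unknown (192.0.2.99)\n"
    "\tby mx.example.com with SMTP; Thu, 19 Jul 2018 18:01:00 -0400\n"
    "From: someone@example.com\nSubject: hello\n\nbody\n"
)

if __name__ == "__main__":
    for name, raw in (("NO_PTR", NO_PTR), ("FORGED_LOWER", FORGED_LOWER)):
        ip = hold_reason(raw)
        print(name, "-> hold, no rDNS for " + ip if ip else "-> pass")
```

Raise `trusted_hops` only when more than one of your own relays stamps the message before it reaches the list server.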