[Mailman-Users] non-subscribers getting through--email address in "Real Name"

Robert Heller heller at deepsoft.com
Thu Jul 19 18:01:30 EDT 2018


At Thu, 19 Jul 2018 14:17:55 -0600 Grant Taylor <gtaylor at tnetconsulting.net> wrote:

> 
> 
> Content-Language: en-US
> 
> On 07/19/2018 11:44 AM, Robert Heller wrote:
> > All of which can be spoofed.
> 
> Yes.  Just about everything can be spoofed to some degree.  It really 
> depends on what information the owner of the purported sending domain 
> publishes and what filtering / consumption of said information the 
> receiving server exercises.
> 
> I personally feel like Mailman, and many other similar things, should 
> sit behind an external / edge SMTP server that does some of the heavy 
> lifting and provides detection of and possibly protection against many 
> spoofs.

Yes, of course.  

> 
> > Mailman does not make any checks of the "Received:" headers (where the 
> > bogosity of the other headers can be determined or can flag messages as 
> > containing possibly spoofed headers).
> 
> I agree that there is some data in the Received: headers that may 
> indicate a problem.  But such information is difficult to consistently / 
> reliably / accurately extract or parse /without/ false positives.  It 
> can also be difficult to correlate information across headers and 
> determine what should and should not be allowed.  Let's not forget that 
> it's equally easy to spoof Received: headers as it is to spoof other 
> headers.  }:-)

I have found that just "holding" messages from an non-reversed DNS "server" 
(eg "Received: ... from ... unknown (nnn.nnn.nnn.nnn)"), results in only a 
small number of false positives.   Better a *few* false positives, than tons 
of spam.  Firewalling IP blocks, either with an actual firewall (iptables) or 
via access control, helps a great deal.

> 
> 
> 

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller at deepsoft.com       -- Webhosting Services
                                                                  


More information about the Mailman-Users mailing list