Open Relay Checker before Opening MTA

jeremyb at supreme.pcug.org.au jeremyb at supreme.pcug.org.au
Sun Feb 10 12:12:55 EST 2002


Neil Symons <neil at goldweb.com.au> wrote:
> I wonder if there is already something like this out there before I
> write one myself.  
> 
> When a mail server connects to me, I check my local blacklist to see if 
> server is listed as an open relay, if not, then check my goodlist, if 
> not there then connect straight back at them and do an open relay test.
<...>

I see a few potential problems ...

1) Define "open relay test". Are we talking SMTP relaying? HTTP proxy
relaying? SOCKS proxy relaying? CGI (formail.pl and friends) relaying?
All of the above?  Unfortunately the spammers have a multitude of ways
of relaying their crap these days. What exactly are you testing for?

2) Even if you're doing simple SMTP relay tests, many MTAs will "accept"
your message, but then reject it some time later. So if an MTA apparently
accepted your test, you could blacklist them before the rejection was
returned to you (except you wouldn't get the rejection, because you've
already blacklisted them :-(

3) If a spammer is actively abusing an open relay, that box can have a
huge queue of messages to be processed. How long do you wait to complete
your tests? 30 seconds? 5 minutes? 30 minutes? You could end up with
long delays in delivering legitimate mail.

4) Don't forget multipoint open relays - MTA 'A' accepts the message, but 
passes it to MTA 'B' which returns the test to you. Do you block 'A', or
'B', or both? :-)


Cheers,
Jeremy

(Currently implementing MIMEDefang and SpamAssassin on the PCUG mail server)

--
Jeremy Bishop          
jeremyb at pcug.org.au
PC User Group (PCUG) 
Canberra ACT Australia
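
One way to keep the bookkeeping for such a callback test so that points 2 and 4 above do not produce wrong listings, as an added example that is not part of the original post: an accepted probe stays pending until a bounce, a returned copy or a timeout settles it, and only a returned copy lists a host. The class, the token scheme, the 4-hour grace window and the addresses are constructed assumptions.

```python
from dataclasses import dataclass, field

GRACE = 4 * 3600  # assumed wait (seconds) for a late bounce or a returned copy

@dataclass
class Probe:
    target: str                  # IP the test message was submitted to
    sent_at: int
    state: str                   # pending | rejected | relayed | no_relay
    hops: list = field(default_factory=list)  # relay path of a returned copy

class RelayLedger:
    def __init__(self):
        self.probes = {}         # token embedded in the test message -> Probe

    def submitted(self, token, target, now, accepted):
        # A refusal in the SMTP dialogue is final; an acceptance is only provisional.
        self.probes[token] = Probe(target, now, "pending" if accepted else "rejected")

    def bounce(self, token):     # late rejection of a message accepted earlier
        p = self.probes.get(token)
        if p and p.state == "pending":
            p.state = "rejected"

    def returned(self, token, relay_ips):
        # The test came back. relay_ips: submission hop first, delivering hop last.
        p = self.probes.get(token)
        if p:
            p.state, p.hops = "relayed", list(relay_ips)

    def expire(self, now):       # silence for GRACE seconds counts as no relay
        for p in self.probes.values():
            if p.state == "pending" and now - p.sent_at >= GRACE:
                p.state = "no_relay"

    def listed(self, policy="both"):
        # Pending probes never list anyone, so bounces and real mail still get in.
        relayed = [p for p in self.probes.values() if p.state == "relayed"]
        entry = {p.target for p in relayed} if policy != "exit" else set()
        exit_ = {p.hops[-1] for p in relayed if p.hops} if policy != "entry" else set()
        return entry | exit_

def demo():  # constructed events; addresses are documentation ranges
    led = RelayLedger()
    for tok, ip in (("t1", "192.0.2.10"), ("t2", "198.51.100.7"), ("t3", "203.0.113.5")):
        led.submitted(tok, ip, 0, accepted=True)
    led.bounce("t1")                                        # accepted, rejected later
    led.returned("t2", ["198.51.100.7", "198.51.100.99"])   # 'A' accepted, 'B' delivered
    led.expire(GRACE)
    return led
```

The `policy` argument leaves the "block 'A', or 'B', or both?" question as a local decision; the ledger only records which host accepted the test and which one delivered it.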



