[milters] Archive


Article: 686
From: barryc
Date: 2005-08-03 09:46:57 -0400
Subject: [DYNDNS] Re: Re: [DYNDNS] Re: Re: sender question

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support

>From: cc <cc@kdtc.net>
>barryc wrote:
>>Here's a block of pseudocode that might better elucidate what I was trying to 
>>get at:
>>RECV_COUNT = get_number_of_received_headers();
>>if (RECV_COUNT == 0) 
>>   /*
>>    * Assume my Received header has not yet been attached. 
>>    * Otherwise, we'd also have to check the first (most recent) header 
>>    * to see if it's ours
>>    */
>Please correct me if I'm wrong, but as far as I know, the current mail
>server's Received message won't be attached to the mail until the email
>passes all the milters. 

That IS my recollection as well.  However, I wanted to make my thoughts as 
explicit as possible in the pseudocode, so I felt it best to at least account 
for the possibility in the comments. Also, is it not possible that a previous 
milter COULD have added a 'faked' Received header for some purpose? Like, to be 
compatible with SpamAssassin as Anthony mentioned remembering that he had to 

>>   if ( client_has_smtp_auth() )
>>      accept_message();
>>   else if ( client_in_relay_domains() )
>>      accept_message();
>>   else /* some random computer is connecting to me directly */
>>      reject_message();
>     I wouldn't do a wholesale reject, 

I can see arguments for doing both.  Ideally, I'd like to be able to pass an 
option to the milter to tell it whether to reject, drop, or just tag the message 
if it hits.

>but this part certainly requires a lot more
>direct spam vs. direct mail from friends (who happen to have dyndns 
>mail servers).

Right.  In this block, the thinking is that any email sent by a properly 
behaving mail client will be touched by a MINIMUM of one other mail server 
before it gets to mine, UNLESS they are explicitly allowed to send to my server 
directly. (either by authenticating with sendmail or PopBeforeSMTP, or by the 
host being listed in the /etc/mail/relay-domains file)

Since it's possible that the mail client program is running on the same machine 
as the mail server (e.g.: status emails from daemons running on the mailserver) 
you would have to allow for the possibility that both the "from" and
machines in a Received header be identical... But there should still be a 
minimum of one Received line before it gets to my server.

>>   /*
>>    * I am not the first mailserver / relay to touch this message.
>>    * this block COULD get ugly, depending on exactly what you want it to do.
>>    * I'd actually be happy just with what's above
>>    */
>I get the feeling that it will get ugly.   Unless you limit the level of 
>Received: header
>checking to say 2-3.  I mean, after 3 received headers, I think it 
>should be
>apparent as to whether the mail is legit or not.   Of course, it's 
>arbitrarily set.
>Possibly a good configuration option, I would say.

Agreed. In my experience, if there are forged Received: headers, it's apparent 
after looking only at the first 1-2 (not including the line for receipt by my 

>>Once you encounter a private IP, all bets are off. If that happens, your best 
>>bet is to pass the message and let the other milters decide what to do with 
>True.   I think if it goes to this stage,  it'll have to go through a 
>content scanner,
>since the headers check won't come up with anything.

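The decision logic the thread sketches in pseudocode, worked through as an added example. This is not code from the milters list, from the poster, or from libmilter: it models the check as plain Python over a parsed message so it can be run offline. The `Client` flags stand in for what a real milter learns from the connection (SMTP AUTH or PopBeforeSMTP, and relay-domains membership), `on_direct` is the reject/discard/tag option discussed above, `max_depth` is the 2-3 hop limit, "private IP" is taken to mean RFC 1918 space, and the sample messages are constructed for this example.

```python
"""Model of the Received:-header policy discussed in the thread (added example)."""
import ipaddress
import re
from dataclasses import dataclass
from email import message_from_string
from enum import Enum


class Action(Enum):
    ACCEPT = "accept"    # this check has no objection
    REJECT = "reject"    # refuse the message
    DISCARD = "discard"  # silently drop it
    TAG = "tag"          # mark it and let it through
    PASS = "pass"        # header check inconclusive; leave it to later milters


# Assumption: "private IP" in the thread means RFC 1918 address space.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Bracketed IPv4 literal as MTAs write it in Received: headers, e.g. "[203.0.113.5]".
IPV4_LITERAL = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


@dataclass
class Client:
    """What the milter knows about the connecting client (stand-in for libmilter macros)."""
    smtp_auth: bool = False          # authenticated with sendmail, or PopBeforeSMTP
    in_relay_domains: bool = False   # host listed in /etc/mail/relay-domains


def received_headers(raw):
    """Received: headers in message order, i.e. most recent hop first."""
    return message_from_string(raw).get_all("Received") or []


def is_private(ip_text):
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in PRIVATE_NETS)


def check_message(raw, client, on_direct=Action.REJECT, max_depth=3):
    """Return (Action, reason) for one message.

    on_direct: what to do with a direct, unauthorised connection (reject/discard/tag).
    max_depth: how many of the most recent Received: lines to inspect.
    """
    hops = received_headers(raw)
    if not hops:
        # Our own Received: line is not present yet at milter time, so zero hops
        # means the client is talking to this server directly.
        if client.smtp_auth or client.in_relay_domains:
            return Action.ACCEPT, "direct connection permitted by auth/relay-domains"
        return on_direct, "direct connection from an unknown host"
    for depth, hop in enumerate(hops[:max_depth], start=1):
        for ip_text in IPV4_LITERAL.findall(hop):
            try:
                if is_private(ip_text):
                    # "All bets are off": hand the message to the content scanners.
                    return Action.PASS, f"private address {ip_text} at hop {depth}"
            except ValueError:
                continue  # malformed literal such as 999.1.1.1; ignore it
    return Action.ACCEPT, f"no private address within {min(len(hops), max_depth)} hop(s)"


# Constructed sample messages (not real traffic).
DIRECT = "From: a@example.com\nTo: b@example.net\nSubject: status\n\nall good\n"

ONE_PUBLIC_HOP = (
    "Received: from mail.example.org (mail.example.org [203.0.113.5])\n"
    "\tby mx.example.net (8.13.4/8.13.4) with ESMTP for <b@example.net>\n"
    + DIRECT
)

PRIVATE_SECOND_HOP = (
    "Received: from mail.example.org (mail.example.org [203.0.113.5])\n"
    "\tby mx.example.net (8.13.4/8.13.4) with ESMTP for <b@example.net>\n"
    "Received: from desktop (unknown [192.168.1.20])\n"
    "\tby mail.example.org with SMTP for <b@example.net>\n"
    + DIRECT
)

if __name__ == "__main__":
    print(check_message(DIRECT, Client()))                        # reject
    print(check_message(DIRECT, Client(), on_direct=Action.TAG))  # tag instead
    print(check_message(DIRECT, Client(smtp_auth=True)))          # accept
    print(check_message(ONE_PUBLIC_HOP, Client()))                # accept
    print(check_message(PRIVATE_SECOND_HOP, Client()))            # pass to content scanner
    print(check_message(PRIVATE_SECOND_HOP, Client(), max_depth=1))  # depth limit hides hop 2
```

Running the block shows the two points made above: a direct, unauthorised connection gets whatever `on_direct` says (reject by default, tag if the operator prefers), and once a private address shows up within `max_depth` hops the check gives up and returns `PASS` rather than making a call the headers cannot support. The last call shows the cost of a small depth limit: with `max_depth=1` the private hop is never examined.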
