[milters] Archive


Article: 1015
From: Anthony Howe
Date: 2006-07-10 04:12:31 -0400
Subject: Re: Milter-Null and / or SRS filtering...


Grant Taylor wrote:
> I would like to take a moment to engage people's thoughts and opinions on 
> the pros and cons of Milter-Null versus Sender Rewriting Scheme, a.k.a. 
> SRS. As I understand it, both Milter-Null and SRS filtering provide / 
> ...

milter-null is more akin to a BATV private scheme:

	http://mipassoc.org/batv/index.html

My method is implemented differently and grew out of my observations 
over Xmas 2005 when I was getting lots of back scatter during that time 
frame.

SRS was developed by Meng Weng Wong to help address the SPF (also by 
Wong) forwarding problem. SRS is similar to VERP and is intended for 
re-mailers and forwarders. It was not designed for null address 
verification, but has since been used in BATV-like roles.

milter-null approaches the problem more from a DKIM perspective, i.e. it 
uses a simple encryption hash on a select set of information to insert a 
header. Multiple headers can be inserted and supported.

BATV / SRS modify the envelope instead. Some sites require that the MAIL 
envelope equal the From: or Sender: header. I think Sendmail X has an 
option to enforce this, particularly for mailing lists. It's unclear to 
me how effective the SRS variant would be when the MAIL envelope is 
changed by two or more forwarders.

I have some issues with envelope rewriting. SRS in its basic form, as 
with VERP, can blow up the RFC 2821 maximum local-part length, which is 
supposed to be restricted to 64 bytes. RFC 2821 also states that an email 
address has an overall max. length of 255 bytes. So if I create a 
specially long email address and subdomains (for harvest detection let's 
say), then it's possible that some MTAs will barf on an SRS/VERP 
rewritten address that tries to put 256+ characters into the local-part 
before the at-sign.

Matter of fact, all my milters have had options to enable strict RFC 
length enforcement as a means to filter out rubbish. These options are now 
exposed with the latest option scheme used by all 20 Snert milters:

	-rfc2821-domain-length

	-rfc2821-local-length

They're off by default, because early attempts to enforce it broke those 
sites that use VERP capable MLM on their servers. I pointed this out to 
Wong concerning SRS about two years ago at the height of the SPF frenzy.

The correct way to do SRS or any sender rewriting is to use a hash that 
doesn't blow up the local-part length limit, but then this requires a 
database to track hashes and a method to expire them.

milter-null requires no such database, since all the information hashed 
is found in the message headers, which to my knowledge so far are always 
returned as part of the DSN & MDN. BTW I did test with Thunderbird MDN 
support and Outlook Repress too.

Replay attacks are possible, which is why the date-ttl option exists in 
milter-null. However, this is not a unique problem to milter-null. BATV 
or SRS using hashing are also vulnerable to replay attacks during your 
TTL window.

> ...
> included.  Will someone please correct me if I'm wrong.  However, MOST 
> MTAs out there will include it, but not all.

Most MTAs include the headers, but not the body. I've looked at DSN 
mail from Sendmail 8, Postfix, Qmail, and Exim, which all at least 
include headers. I've tested with Gmail, Hotmail, and Yahoo. Yahoo is of 
particular interest here since they have an accept-then-bounce policy, 
making a bounce test far more interesting; it works too.

So far I've not found an MTA that does not include the headers by 
default in a DSN/MDN message. I'm sure it's possible to disable returned 
headers with the options of most MTAs, but it's not a default.

However, IMHO such sites that don't return message headers are rare 
and bounce mail from such sites will probably be backscatter. 
Dropping legit bounce mail from such sites doesn't bother me any more, 
since so many sites have opted to reject mail from the null sender, a 
milter-null enabled site would just appear as another blip by these rare 
few that don't return message headers with their DSN.

For the moment, I see the odds in my favour. Correct me if I'm wrong or 
have overlooked something.

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         AIM: SirWumpus    Sendmail Milter Solutions
http://www.snert.com/     ICQ: 7116561
     http://www.snertsoft.com/
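
[Added example, not part of the original message or of any Snert milter:] The local-part length problem described above, shown with a simplified SRS0 rewrite (layout `SRS0=hash=timestamp=domain=local@forwarder`) and a check against the RFC 2821 limits of 64 bytes for the local-part and 255 for the domain. The secret, the addresses, the 4-character truncated HMAC-SHA1 tag and the function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

MAX_LOCAL = 64    # RFC 2821 section 4.5.3.1: local-part limit
MAX_DOMAIN = 255  # RFC 2821 section 4.5.3.1: domain limit
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"


def srs_timestamp(day_number):
    """Two base32 characters encoding the day count modulo 2**10."""
    d = day_number % 1024
    return B32[d >> 5] + B32[d & 31]


def srs0_rewrite(sender, forwarder_domain, secret, day_number):
    """Rewrite sender as SRS0=hash=ts=orig-domain=orig-local@forwarder."""
    local, _, domain = sender.rpartition("@")
    ts = srs_timestamp(day_number)
    mac = hmac.new(secret, (ts + domain + local).lower().encode(), hashlib.sha1)
    tag = base64.b64encode(mac.digest()).decode()[:4]  # truncated, as an assumption
    return "SRS0=%s=%s=%s=%s@%s" % (tag, ts, domain, local, forwarder_domain)


def length_violations(address):
    """Return the RFC 2821 length limits that an address exceeds."""
    local, _, domain = address.rpartition("@")
    problems = []
    if len(local.encode()) > MAX_LOCAL:
        problems.append("local-part %d > %d" % (len(local.encode()), MAX_LOCAL))
    if len(domain.encode()) > MAX_DOMAIN:
        problems.append("domain %d > %d" % (len(domain.encode()), MAX_DOMAIN))
    return problems


# Constructed sample: a long harvest-detection style address, legal on its own
# (33-byte local-part, 32-byte domain), forwarded once on day 13339 since epoch.
SECRET = b"constructed-demo-secret"
ORIGINAL = "trap-2006-07-webform-contact-page@harvest.detect.lists.example.org"
REWRITTEN = srs0_rewrite(ORIGINAL, "forwarder.example.net", SECRET, 13339)

if __name__ == "__main__":
    for addr in (ORIGINAL, REWRITTEN):
        print(addr, length_violations(addr) or "ok")
```

The original address passes both limits; after one rewrite the original domain and local-part are both packed into the new local-part, which is what a strict local-part length check then rejects.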
