On Fri, Jun 11, 2004 at 09:58:46AM EDT, Spiro Trikaliotis wrote: > * On Fri, Jun 11, 2004 at 05:55:42AM -0400 David Yitzchak Cohen wrote: > > Many of the "security" problems found in sendmail are actually > > configuration bugs (sometimes in the stock configs shipped in the > > package), though, which just goes to illustrate what I noted above. > > A program which is so hard to config is a security problem. It's only a security problem per se if you aren't prepared to learn how to use it properly. Any powerful tool can be a major problem if used improperly. I don't claim to know everything there is to know about sendmail (and somehow doubt anybody does - few people are familiar with anywhere near all of the Linux kernel code, and if you count the architecture-specific portions, nobody's familiar with all of it), but I read an awful lot, and I get people to actively try to break my systems after seeing the configs. > > If somebody silently discards emails, he's setting himself up for > > potential problems, now that email is legally recognized as the > > primary (and sometimes sole) communication medium in many contracts. > > Well, but if a SPAM tool like spamassassin drops a mail, this is not > allowed? Do I have to look through all my SPAM? (BTW: Something I do at > the moment.) I doubt that. If a SPAM tool like SpamAssasin decides something is SPAM, it'll return a failure error code, and the MTA calling it will refuse the mail with an anti-spam complaint. (The number and message both vary by MTA, and sendmail supports a few conventions right out of the box.) If you're calling SA from an MDA like procmail, the MDA will typically return a DSN to the sender (as best it's able to guess said entity from the mail). If not, you're failing to follow the rules of SMTP, and ought to be shot (regardless of what German courts may rule) ;-P > Using most spam tools, normally, you do not reject the mail at the MTA, > do you? Most MTAs have plugins for anti-spam tools. Sendmail (exposing so much functionality at the config file level), of course, allows you to do far more than simply "plugin" the anti-spam functionality, but virtually all MTAs have at least basic support. > Or, do you send negative acknowledgements that your spam tool > has dropped a mail? Under normal circumstances, if you run the anti-spam tool from your MDA instead of your MTA (where it really _should_ be run), your MDA will automatically get a DSN out to the supposed sender if his message was rejected. > I hope not, because I get enough confirmations from > anti-virus tools. huh? > > However, silently discarding anything that you're not 100% sure is > > SPAM is a stupid idea, since not only are you losing real mail > > Most spam tools look at more than one characteristic to decide of > something is spam or not. Looking at spamassassin, I know enough people > who discard anything above 5.0 completely. You _can_, if you want. However, if a real sender gets a mailer daemon error in his inbox, he'll read it, and realize his message didn't go through because it failed the anti-spam test. He's now got the opportunity to "deSPAMify" his mail and resend. (A real SPAMmer, of course, isn't gonna want to "deSPAMify" his mail, and so is probably not going to bother resending until the next batch.) > I do not, but look at them on > a daily basis. I do the same, but only once a month. > There have been some false positives so far, and I'm glad > I did not discard them. But others do. I've had zero false positives, but that's because my SPAM detector is template-based, and with my conservative templates, I don't expect to ever have a false positive. The only downside is that my filter doesn't block much more than about half the SPAM. I'm hoping to fix that someday (when the remaining SPAM bothers me enough) by autogenerating identity templates from a spamcatcher addy. > > (which you've legally received - it's like getting a piece of > > registered mail, and just throwing it out after signing on the dotted > > line), > > No. At least here in germany, you have to prove that the mail reached > the recipient. If you don't get a negative acknowledge, you cannot > assume that the mail reached the recipient [1]. You have to proof that > the mail has reached the right recipient. I can't read German. How are you supposed to prove that a mail reached the right recipient without stealing his computer? Clearly, anybody who sets up an MX record and advertizes in the banner that he supports SMTP is agreeing to abide by the SMTP protocol, and by saying "I got the message" in SMTP-speak, he's essentially acknowledging receipt of the mail. Why the German courts might want to rule otherwise is beyond me. . . > > but you're not even letting the real mailer know that you just threw > > his mail on the floor. I _never_ claim to receive something and then > > throw it on the floor; the most I do is temporarily block the sending > > IP. > > It's not me who is doing that. But my mail was dropped more than once > this way, especially on mailing lists, so I only use smarthosts now. At least MailMan-run lists have a plugin architecture to handle SPAM. MailMan attempts to notify senders when incoming mail is bad, IIRC. - Dave -- Uncle Cosmo, why do they call this a word processor? It's simple, Skyler. You've seen what food processors do to food, right? Please visit this link: http://rotter.net/israel
Attachment:
pgp0P5HC8Fh40.pgp
Description: PGP signature