[27461] in North American Network Operators' Group


Re: SMTP in distributed DOS

daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Sun Feb 20 16:11:10 2000

Message-Id: <200002202107.e1KL7Qc29420@black-ice.cc.vt.edu>
To: Adam McKenna <adam@flounder.net>
Cc: nanog@merit.edu
In-reply-to: Your message of "Sun, 20 Feb 2000 15:57:20 EST."
             <20000220155720.A22930@flounder.net> 
From: Valdis.Kletnieks@vt.edu
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Sun, 20 Feb 2000 16:07:25 -0500
Errors-To: owner-nanog-outgoing@merit.edu


On Sun, 20 Feb 2000 15:57:20 EST, Adam McKenna said:

> MTA's don't send bounces to host names in Received: headers, they send
> bounces to RFC 822 envelope sender addresses.  (At least, that's what they're
> SUPPOSED to do.)

Correct.  But the person said we *should* bounce back to the originating IP
address, which is what's logged in the Received: header.  My point was that
if we *did* what he suggested, *his* mail would quite possibly be broken
by taking the action.  I've seen a number of mail packages (PP from the
ISODE comes to mind, but there's others) that refused to accept mail if
they couldn't verify at message submission time that they'd be able to send
back a bounce message.  I'm not saying that's correct EITHER, just that
there's sites that do that.

The *real* fix is for everybody to refuse to accept mail from spamhauses
or identified open relays.  Not that *that* approach doesn't break things
as well (most notably, you don't accept mail from innocent people who
happen to be unlucky/unclued enough to use the same ISP as the spamhaus).

If solving spam and DOS problems were simple, we'd all have gotten out
our baseball bats and DONE it already..... ;)

-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech


