[37967] in North American Network Operators' Group
Re: Stealth Blocking
daemon@ATHENA.MIT.EDU (J.D. Falk)
Sat May 26 06:06:43 2001
Date: Fri, 25 May 2001 20:24:59 -0700
From: "J.D. Falk" <jdfalk@cybernothing.org>
To: nanog@merit.edu
Message-ID: <20010525202459.L67214@cybernothing.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <20010525073352.B16908@eiv.com>; from smcmahon@eiv.com on Fri, May 25, 2001 at 07:33:52AM -0400
Errors-To: owner-nanog-outgoing@merit.edu
On 05/25/01, Shawn McMahon <smcmahon@eiv.com> wrote:
> On Thu, May 24, 2001 at 05:49:54PM -0700, Roeland Meyer wrote:
> >
> > Guys, there are more cases that may look like an open relay, but really
> > aren't.
>
> I don't see how you can have a false positive on an open relay test. Either
> it allows you to send a test email through, or it doesn't. If it does,
> it is by definition open.

Usually, a false positive on a relay test can happen in one
of two ways:

  1. you're downstream of the operators of the server
     that you're testing, and therefore are legitimately
     relaying through it (as you suggested), or

  2. you don't wait to see if the message comes back.

Lemme expand on #2 just a bit. Some mail servers will appear
to accept all mail, and not send a 5xx response immediately.
Some won't even generate a bounce message. But they also won't
forward the message on to its off-site recipient. It'll just
disappear into the bit bucket. That's not an open relay, but
most relay-tester scripts will just say "the message has been
accepted, it must be open."

--
J.D. Falk SILENCE IS FOO!
<jdfalk@cybernothing.org>
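
The two false-positive cases described in the message above, as an added example that is not part of the original post: a classifier that only reports an open relay when the probe was accepted, actually arrived at the off-site mailbox, and the tester was not an authorized downstream host. The record fields (`tester`, `allowed_nets`, `replies`, `delivered`), the verdict names, and the sample probes are all constructed for illustration.

```python
import ipaddress
import re

# Constructed probe records (documentation-range addresses, not real data).
# "replies" are the SMTP replies the tester saw; "delivered" records whether the
# uniquely tagged probe reached the tester's off-site mailbox within the wait window.
PROBES = [
    {"tester": "198.51.100.7", "allowed_nets": ["192.0.2.0/24"],
     "replies": ["250 sender ok", "550 relaying denied"], "delivered": False},
    {"tester": "198.51.100.7", "allowed_nets": ["192.0.2.0/24"],
     "replies": ["250 ok", "250 ok", "354 go ahead", "250 queued"], "delivered": False},
    {"tester": "192.0.2.44", "allowed_nets": ["192.0.2.0/24"],
     "replies": ["250 ok", "250 ok", "354 go ahead", "250 queued"], "delivered": True},
    {"tester": "203.0.113.9", "allowed_nets": ["192.0.2.0/24"],
     "replies": ["250 ok", "250 ok", "354 go ahead", "250 queued"], "delivered": True},
]

def reply_codes(replies):
    """Extract the three-digit status code from each SMTP reply line."""
    codes = []
    for line in replies:
        m = re.match(r"(\d{3})", line)
        if m is None:
            raise ValueError(f"not an SMTP reply: {line!r}")
        codes.append(int(m.group(1)))
    return codes

def classify(probe):
    """Return a verdict that separates 'accepted' from 'actually relayed'."""
    codes = reply_codes(probe["replies"])
    if any(500 <= c <= 599 for c in codes):
        return "closed"                # refused during the SMTP dialogue
    if any(400 <= c <= 499 for c in codes):
        return "inconclusive"          # temporary failure, retest later
    if not probe["delivered"]:
        return "accepted-not-relayed"  # case 2: accepted, then silently dropped
    tester = ipaddress.ip_address(probe["tester"])
    if any(tester in ipaddress.ip_network(n) for n in probe["allowed_nets"]):
        return "authorized-relay"      # case 1: tester is a legitimate downstream
    return "open-relay"                # accepted AND forwarded for an outsider

if __name__ == "__main__":
    for p in PROBES:
        print(p["tester"], classify(p))
```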