Mailserver Admin Stupidity

Discussion in 'NZ Computing' started by Evil Bastard, Jan 31, 2004.

  1. Evil Bastard

    Evil Bastard Guest

    For ****'s sake, when will mailserver admins disable automatic bouncing to
    the purported sender address?

    I'm getting 200 bounces a day, due to this latest winshit virus forging my
    email address.

    My mailserver is not even involved in the original message.

    But these stupid fucking mailservers are not even comparing the IP address
    of the incoming message session with the IP address resulting from a
    lookup of the claimed sender.

    And this is the weakness in my otherwise almost bulletproof spam filter -
    it is set to allow bounce messages.

    This mailserver dumbness is bad enough.

    But the real blame goes to all the Joe Fuckwit Windows Users out there who
    say 'duhh, whaddya mean there's better software than windows, outlook
    express, internet explorer? I'm not gonna change, it sounds too technical'.

    And, to Microsoft itself, for facilitating and encouraging people to stay
    in this stupidity, so they can remain as ignorant marketing cash cows.

    Microsoft is way overdue for a class action suit filed by
    hundreds of corporations, thousands of small businesses and millions of
    users, for the time, money and even data that's been lost because of
    Microsoft's negligent product design.

    $50 billion in the bank?
    Give it to the users you've fucked over!!!

    EB
     
    Evil Bastard, Jan 31, 2004
    #1

  2. Evil Bastard

    steve Guest

    Evil Bastard wrote:

    > For ****'s sake, when will mailserver admins disable automatic bouncing to
    > the purported sender address?


    No kidding.

    > I'm getting 200 bounces a day, due to this latest winshit virus forging my
    > email address.


    I've had about 30 today.

    > My mailserver is not even involved in the original message.


    If you're like me, you don't even use friggin' Windows......yet have to
    suffer this crap.

    .................

    > But the real blame goes to all the Joe Fuckwit Windows Users out there who
    > say 'duhh, whaddya mean there's better software than windows, outlook
    > express, internet explorer? I'm not gonna change, it sounds too
    > technical'.


    I KNOW how you feel, mate!!

    > And, to Microsoft itself, for facilitating and encouraging people to stay
    > in this stupidity, so they can remain as ignorant marketing cash cows.


    Yep.

    > Microsoft is way overdue for a class action suit filed by
    > hundreds of corporations, thousands of small businesses and millions of
    > users, for the time, money and even data that's been lost because of
    > Microsoft's negligent product design.


    We've seen how they corrupt courts over and over in the US and elsewhere.
     
    steve, Jan 31, 2004
    #2

  3. Evil Bastard

    Dave Taylor Guest

    Evil Bastard <postmaster@127.0.0.1> wrote in
    news:pan.2004.01.31.03.26.12.223913@127.0.0.1:

    > For ****'s sake, when will mailserver admins disable automatic
    > bouncing to the purported sender address?
    >


    I have noticed that at least this issue is being mentioned in the write ups
    for the worm. Progress is being made.
    Ciao, Dave
     
    Dave Taylor, Jan 31, 2004
    #3
  4. In article <pan.2004.01.31.03.26.12.223913@127.0.0.1>,
    Evil Bastard <postmaster@127.0.0.1> wrote:

    >For ****'s sake, when will mailserver admins disable automatic bouncing to
    >the purported sender address?


    It's difficult to automatically determine the true sender from the
    headers.

    The next best thing is, when bouncing the message back, to at least
    include the full headers. That way the person receiving the bounce can
    work out where the message really came from.

    Back in the days of SoBig and Klez.H, every time I got a bounce with
    insufficient information, I would send back a query asking for the full
    headers. I figure if I annoyed enough sysadmins about this, they would
    get the idea. :)

    Unfortunately, the current deluge of Mimail or MyDoom or whatever the
    hell it is is so great that I'm no longer bothering...
     
    Lawrence D'Oliveiro, Jan 31, 2004
    #4
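
Added example, not part of any post in this thread: post #4 notes that a bounce carrying the full original headers lets the recipient work out where the message really came from, and that check can be automated when filtering bounces. The sketch assumes your outbound servers send from `MY_OUTBOUND` (a documentation range here) and runs on a constructed bounce; all hostnames and addresses are made up.

```python
import email
import re
from email import policy
from ipaddress import ip_address, ip_network

# Assumption: the address range your own outbound mail servers send from.
MY_OUTBOUND = [ip_network("192.0.2.0/28")]
# Constructed sample bounce (DSN) that returns the original headers.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: message/delivery-status

Status: 5.1.1

--b1
Content-Type: text/rfc822-headers

Received: from pc.example.com (unknown [198.51.100.77])
 by mx.example.net; Sat, 31 Jan 2004 16:00:00 +1300
From: me@example.org

--b1--
"""

def original_headers(bounce_text):
    """Headers of the returned message, or None if the bounce omits them."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "message/rfc822":
            return part.get_payload(0)
        if part.get_content_type() == "text/rfc822-headers":
            return email.message_from_string(part.get_content(), policy=policy.default)
    return None

def classify_bounce(bounce_text, my_nets=MY_OUTBOUND):
    """'genuine' if a Received hop (IPv4 only) is one of our servers."""
    hdrs = original_headers(bounce_text)
    hops = " ".join(str(h) for h in hdrs.get_all("Received", [])) if hdrs is not None else ""
    ips = []
    for text in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hops):
        try:
            ips.append(ip_address(text))
        except ValueError:
            pass  # bracketed digits that are not a valid IPv4 address
    if not ips:
        return "unverifiable"  # no original headers, or no relay IPs in them
    return "genuine" if any(ip in net for ip in ips for net in my_nets) else "backscatter"
```

Received lines below the one added by the bouncing site are written by whoever sent the message, so "genuine" is a hint rather than proof; "backscatter" and "unverifiable" are the results a filter can act on.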
  5. Evil Bastard

    Gavin Tunney Guest

    On Sat, 31 Jan 2004 16:26:13 +1300, Evil Bastard
    <postmaster@127.0.0.1> wrote: nothing worth repeating
    >


    You could always try looking on the bright side. At least you don't
    need a fire extinguisher in your house... enough foam coming out there
    to put out a bushfire.

    Gavin
     
    Gavin Tunney, Jan 31, 2004
    #5
  6. On Sat, 31 Jan 2004 16:26:13 +1300, Evil Bastard wrote:

    > For ****'s sake, when will mailserver admins disable automatic bouncing to
    > the purported sender address?


    And sender notifications of "you have sent a virus"

    > I'm getting 200 bounces a day, due to this latest winshit virus forging my
    > email address.


    You're lucky. I'm getting that many an hour at times.
     
    Uncle StoatWarbler, Jan 31, 2004
    #6
  7. Evil Bastard

    Ralph Fox Guest

    On Sat, 31 Jan 2004 16:26:13 +1300, in article
    <pan.2004.01.31.03.26.12.223913@127.0.0.1>, Evil Bastard wrote:

    > For ****'s sake, when will mailserver admins disable automatic bouncing to
    > the purported sender address?


    Evidently you're talking about the "MAIL FROM" purported sender
    (where the bounce goes to), not the "HELO"/"EHLO" claimed sender
    (where the incoming message session claims to be from).

    > I'm getting 200 bounces a day, due to this latest winshit virus forging my
    > email address.
    >
    > My mailserver is not even involved in the original message.
    >
    > But these stupid fucking mailservers are not even comparing the IP address
    > of the incoming message session with the IP address resulting from a
    > lookup of the claimed sender.


    1. I routinely send email through Paradise, using my Xtra email
    address. I want to see bounces, even though
    • The IP address of the incoming message session will be
    a Paradise IP (Paradise's outgoing mail server).
    • The IP address resulting from a lookup (MX record) of
    the "MAIL FROM" claimed sender will be an Xtra IP address.


    2. A _simple_ IP comparison is not good enough. Even when using
    one ISP, the IP address of the incoming message session
    need not be the same as the IP address resulting from a
    lookup of the claimed sender. The first one will be the IP
    address of the ISP's outgoing mail server and the second one
    will be the IP address of the ISP's mail exchanger.


    3. If you did mean the "HELO"/"EHLO" claimed sender, then
    not allowing this to be forged isn't going to stop your
    email address from being forged in the "MAIL FROM".

    Most mail servers put the IP of the incoming session
    in the "Received" headers, so spammers don't gain too much
    by forging the "HELO"/"EHLO" claimed sender. A lot of
    spam I see simply sets the "HELO"/"EHLO" claimed sender
    to the same [IP] as the incoming session.


    --
    Cheers,
    Ralph

    Politics is the art of getting power and
    privilege without possessing merit.
     
    Ralph Fox, Jan 31, 2004
    #7
  8. On Sat, 31 Jan 2004 21:59:04 +1300, Lawrence D'Oliveiro wrote:

    >>For ****'s sake, when will mailserver admins disable automatic bouncing to
    >>the purported sender address?

    >
    > It's difficult to automatically determine the true sender from the
    > headers.


    It's easier to not accept-then-bounce.

    > The next best thing is, when bouncing the message back, to at least
    > include the full headers. That way the person receiving the bounce can
    > work out where the message really came from.


    Most systems do that anyway. More to the point they shouldn't be accepting
    mail for any random name in their domain then sending mail later saying
    they can't deliver it. Verifying the existence of a local name is trivial
    and most MTAs have been doing it for at least a decade.

    Of course the ones which aren't are windows based, or Qmail.
     
    Uncle StoatWarbler, Jan 31, 2004
    #8
  9. Uncle StoatWarbler wrote:

    > Most systems do that anyway. More to the point they shouldn't be accepting
    > mail for any random name in their domain then sending mail later saying
    > they can't deliver it. Verifying the existence of a local name is trivial
    > and most MTAs have been doing it for at least a decade.
    >
    > Of course the ones which aren't are windows based, or Qmail.


    Assuming you're talking to the server that has details of the users on it, for all
    you know it may be a backup MX server that will simply relay it to the main mail
    server when it is available, or else some go-between server that is checking
    content of the messages, no need for that to have details of all the users.

    And, rejecting based on user gives rise to the rumpelstiltskin attacks where you
    know the ones that are delivered because the server doesn't reject the recipient.

    I think it's better that all failed messages are just dropped, spam filtering
    means that enough mail goes missing already, a few more wouldn't go unnoticed.
     
    Richard Malcolm-Smith, Feb 1, 2004
    #9
  10. Evil Bastard

    pbs Guest

    Richard Malcolm-Smith wrote:
    > Uncle StoatWarbler wrote:
    >
    >> Most systems do that anyway. More to the point they shouldn't be
    >> accepting
    >> mail for any random name in their domain then sending mail later saying
    >> they can't deliver it. Verifying the existence of a local name is trivial
    >> and most MTAs have been doing it for at least a decade.
    >>
    >> Of course the ones which aren't are windows based, or Qmail.

    >
    >
    > Assuming you're talking to the server that has details of the users on it,
    > for all you know it may be a backup MX server that will simply relay it
    > to the main mail server when it is available, or else some go between


    But when the main mail server is available then it should know if these
    are legitimate addresses.


    > And, rejecting based on user gives rise to the rumpelstiltskin attacks
    > where you know the ones that are delivered because the server doesn't
    > reject the recipient.


    True, but I think the utility outweighs the potential disadvantages. As
    "return receipts" are even less likely to work, it is a very useful
    service to have email with the wrong delivery address returned, like
    post office RTS, because one can easily make a typing mistake with an
    email address (particularly if it is in ISO format). It appears very
    unprofessional (and can be difficult) to contact someone by another
    method to check whether they have or have not received your important
    email.
     
    pbs, Feb 1, 2004
    #10
  11. In article <bvij0q$3n9$>,
    Richard Malcolm-Smith <> wrote:

    >And, rejecting based on user gives rise to the rumpelstiltskin attacks where
    >you know the ones that are delivered because the server doesn't reject the
    >recipi[e]nt.


    There's an easy solution to that, which Postfix implements by default:
    delay some number of seconds before returning the "no such user"
    response. That'll make little difference to the delivery of legitimate
    mail (invalid users should be rare), but slows down rumpelstiltskin
    attacks to the point of uselessness.
     
    Lawrence D'Oliveiro, Feb 2, 2004
    #11
  12. Evil Bastard

    Enkidu Guest

    On Mon, 02 Feb 2004 11:27:15 +1300, pbs
    <> wrote:

    >Richard Malcolm-Smith wrote:
    >> Uncle StoatWarbler wrote:
    >>
    >>> Most systems do that anyway. More to the point they shouldn't be
    >>> accepting
    >>> mail for any random name in their domain then sending mail later saying
    >>> they can't deliver it. Verifying the existence of a local name is trivial
    >>> and most MTAs have been doing it for at least a decade.
    >>>
    >>> Of course the ones which aren't are windows based, or Qmail.

    >>
    >>
    >> Assuming you're talking to the server that has details of the users on it,
    >> for all you know it may be a backup MX server that will simply relay it
    >> to the main mail server when it is available, or else some go between

    >
    >But when the main mail server is available then it should know if these
    >are legitimate addresses.
    >

    Many sites (like mine) have a setup where there is an external
    mailserver which just sits there and forwards mail through the
    firewall. The external mail server does not know whether or not an
    email account is valid until it passes the mail through to the
    internal mailserver. The internal mail server only accepts mail
    relayed by the external mail server.

    Cheers,

    Cliff
    --

    I think that Don Brash is a Labour mole.
    That would explain everything.
     
    Enkidu, Feb 2, 2004
    #12
  13. Evil Bastard

    pbs Guest

    Enkidu wrote:
    > On Mon, 02 Feb 2004 11:27:15 +1300, pbs
    > <> wrote:
    >
    >
    >>Richard Malcolm-Smith wrote:
    >>
    >>>Uncle StoatWarbler wrote:
    >>>
    >>>
    >>>>Most systems do that anyway. More to the point they shouldn't be
    >>>>accepting
    >>>>mail for any random name in their domain then sending mail later saying
    >>>>they can't deliver it. Verifying the existence of a local name is trivial
    >>>>and most MTAs have been doing it for at least a decade.
    >>>>
    >>>>Of course the ones which aren't are windows based, or Qmail.
    >>>
    >>>
    >>>Assuming you're talking to the server that has details of the users on it,
    >>>for all you know it may be a backup MX server that will simply relay it
    >>>to the main mail server when it is available, or else some go between

    >>
    >>But when the main mail server is available then it should know if these
    >>are legitimate addresses.
    >>

    >
    > Many sites (like mine) have a setup where there is an external
    > mailserver which just sits there and forwards mail through the
    > firewall. The external mail server does not know whether or not an
    > email account is valid until it passes the mail through to the
    > internal mailserver. The internal mail server only accepts mail
    > relayed by the external mail server.
    >


    I agree with you. The internal email, if it is a nice one, will return
    emails with invalid addresses to the sender. The external server you
    describe is just a relay that stores and forwards messages, which is
    something email servers do very well. Of course it cannot validate user
    IDs of a domain or sub-domain to which it is relaying.
     
    pbs, Feb 2, 2004
    #13