Re: Bug#207300: tmda: Challenge-response is fundamentally broken
On Sat, 30 Aug 2003 10:42, Brian May wrote:
> On Fri, Aug 29, 2003 at 03:48:13PM +1000, Craig Sanders wrote:
> > the point that you keep on missing is that TMDA and similar programs send
> > "confirmation" emails to innocent third-parties who did *NOT* send an
> > email.
> >
> > TMDA and all C-R systems are broken-by-design, just as many stupid
> > end-user "autoresponders" and AV-scanners that send notifications back to
> > the forged sender address are broken-by-design.
>
> You saying that any SMTP MTA that sends bounces to unauthenticated
> E-Mail addresses is also broken?

Yes.

> That is the idea behind autoresponders after all, to tell the sender
> that his mail didn't get through because it didn't meet some required
> criteria.

An SMTP 550 code can convey all the information that is needed for bounces.

> E-Mail that looks suspicious can be valid mail at times, for instance
> somebody I knew tried to send a ZIP file that happened to be executable
> via E-Mail.

If the mail server it was sent to responded with:
550 Don't want ZIP files of .exe content

Then the bounce message would have been clear and there would be no chance of 
it going to the wrong person.

If the C-R systems we are discussing would send their challenge in the 550 
SMTP code then I doubt that anyone would have any problem with them.
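Added example (not code from the thread or from TMDA): a small model of the two designs argued about above. The SMTP-time policy decides at the end of DATA and answers the connected client with a 550, so no new message is ever created; the challenge-response policy accepts with 250 and then mails a challenge to the unverified envelope sender. All addresses and the ZIP attachment are constructed placeholders.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Constructed sample: a ZIP attachment that contains an .exe, as in the thread.
def make_zip(names):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"not a real program")
    return buf.getvalue()

def make_mail(from_addr, zip_bytes):
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = "user@example.net"   # placeholder recipient
    msg["Subject"] = "report"
    msg.set_content("see attached")
    msg.add_attachment(zip_bytes, maintype="application", subtype="zip",
                       filename="report.zip")
    return msg.as_bytes()

def zip_has_executable(data):
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith(".exe") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def smtp_time_policy(raw, envelope_from, known_senders):
    """Decide at end of DATA. The reply goes only to the connected client;
    no new message is generated, so a forged sender address receives nothing."""
    for part in message_from_bytes(raw).walk():
        if (part.get_content_type() == "application/zip"
                and zip_has_executable(part.get_payload(decode=True))):
            return "550 5.7.1 Don't want ZIP files of .exe content", []
    return "250 2.0.0 Ok: queued", []

def challenge_response_policy(raw, envelope_from, known_senders):
    """Accept first, then mail a challenge to the unverified envelope sender.
    If that address is forged, the challenge is backscatter to a third party."""
    outbound = [] if envelope_from in known_senders else \
        [("challenge", envelope_from)]
    return "250 2.0.0 Ok: queued", outbound

def simulate(policy, envelope_from, known=frozenset()):
    """Return (SMTP reply sent to the client, list of new mails generated)."""
    raw = make_mail(envelope_from, make_zip(["invoice.exe"]))
    return policy(raw, envelope_from, known)
```

With a forged envelope sender, `simulate(smtp_time_policy, ...)` yields a 550 and an empty outbound list, while `simulate(challenge_response_policy, ...)` yields a 250 plus a challenge addressed to the innocent third party.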

> The problem is that I see no easy way to fix this problem to the large
> scale required on the Internet while keeping store-and-forward "feature"
> of SMTP.

The old-style store and forward is dead.

Backup MX servers serve no useful purpose in the modern Internet; this is why 
big sites such as microsoft.com and hotmail.com don't have them.

If you have a backup MX then it should know all the acceptable email addresses 
in your domain and enforce all rules regarding acceptable content.  Then it 
can block content through SMTP 550 and 450 codes.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
