Re: Bug#207300: tmda: Challenge-response is fundamentally broken

To: Russell Coker <russell@coker.com.au>
Cc: debian-devel@lists.debian.org, 207300@bugs.debian.org
Subject: Re: Bug#207300: tmda: Challenge-response is fundamentally broken
From: Brian May <bam@debian.org>
Date: Sat, 30 Aug 2003 23:49:40 +0000
Message-id: <[🔎] 20030830234940.GH22469@snoopy.apana.org.au>
Mail-followup-to: Brian May <bam@debian.org>, Russell Coker <russell@coker.com.au>, debian-devel@lists.debian.org, 207300@bugs.debian.org
In-reply-to: <[🔎] 200308301601.19142.russell@coker.com.au>
References: <[🔎] uiun0dv1n94.fsf@echo.linpro.no> <[🔎] 20030829054813.GG31668@taz.net.au> <[🔎] 20030830004217.GE2742@snoopy.apana.org.au> <[🔎] 200308301601.19142.russell@coker.com.au>

On Sat, Aug 30, 2003 at 04:01:19PM +1000, Russell Coker wrote:
> > That is the idea behind autorespoonders after all, to tell the sender
> > that his mail didn't get through because it didn't meet some required
> > criteria.
> 
> A SMTP 550 code can convey all the information that is needed for bounces.

There are two problems with this.

1. The modular design of SMTP agents like postfix do not allow 
scanning of messages before the message has been accepted by the
MTA at the SMTP session. I think you would have to add hooks
into smtpd, but that is going to complicate the code.

2. All checks have to be automatic, and there is no chance of manual
review to ensure that the messages where geniune before bouncing it.

The list of known solutions follows:

(nil)

;-)

I have considered to possibility of using something like
zorp to act as a proxy SMTP server between the client and the
real server, but that would not work for encrypted SMTP
communications.

...and Yes, now that I have enabled SSL on my postfix,
at least some spammers do use encrypted SMTP sessions.
-- 
Brian May <bam@debian.org>

Reply to:

Follow-Ups:
- Re: Bug#207300: tmda: Challenge-response is fundamentally broken
  - From: Steve Lamb <grey@dmiyu.org>
- Re: Bug#207300: tmda: Challenge-response is fundamentally broken
  - From: Riku Voipio <riku.voipio@iki.fi>
- Re: Bug#207300: tmda: Challenge-response is fundamentally broken
  - From: Craig Sanders <cas@taz.net.au>

References:
- Re: tmda: Challenge-response is fundamentally broken
  - From: Tore Anderson <tore@linpro.no>
- Re: Bug#207300: tmda: Challenge-response is fundamentally broken
  - From: Craig Sanders <cas@taz.net.au>
- Re: Bug#207300: tmda: Challenge-response is fundamentally broken
  - From: Brian May <bam@debian.org>
- Re: Bug#207300: tmda: Challenge-response is fundamentally broken
  - From: Russell Coker <russell@coker.com.au>

Prev by Date: Re: debian archive disk space requirements.
Next by Date: Re: overwriting files from modules packages
Previous by thread: Re: Bug#207300: tmda: Challenge-response is fundamentally broken
Next by thread: Re: Bug#207300: tmda: Challenge-response is fundamentally broken
Index(es):
- Date
- Thread