
Re: Bug#207300: tmda: Challenge-response is fundamentally broken

On Sat, Aug 30, 2003 at 04:01:19PM +1000, Russell Coker wrote:
> > That is the idea behind autoresponders after all, to tell the sender
> > that his mail didn't get through because it didn't meet some required
> > criteria.
> A SMTP 550 code can convey all the information that is needed for bounces.

There are two problems with this.

1. The modular design of SMTP agents like postfix does not allow
scanning of messages before the message has been accepted by the
MTA at the SMTP session. I think you would have to add hooks
into smtpd, but that is going to complicate the code.

2. All checks have to be automatic, and there is no chance of manual
review to ensure that the messages were genuine before bouncing them.

The list of known solutions follows:



I have considered the possibility of using something like
zorp to act as a proxy SMTP server between the client and the
real server, but that would not work for encrypted SMTP.

...and yes, now that I have enabled SSL on my postfix,
at least some spammers do use encrypted SMTP sessions.
Brian May <bam@debian.org>
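
The SMTP-time rejection discussed in this message, as an added example that is not part of the original post: a toy receiver that inspects the message at end-of-DATA and answers 550 before accepting responsibility for it, so nothing is queued and the receiver never has to send a bounce of its own. The `scan` policy, the `X-Sample-Spam` header, the `mx.example` host name and the sample session are all assumptions made for illustration.

```python
# Added example: toy SMTP receiver logic that decides at end-of-DATA.
# scan() is a hypothetical content policy; host names are placeholders.
def scan(message):
    """Return a rejection reason, or None to accept the message."""
    if "X-Sample-Spam: yes" in message:
        return "message refused by content policy"
    return None

def smtp_session(client_lines, scan=scan):
    """Feed client lines to the receiver; return (replies, queued_messages)."""
    replies, queue = ["220 mx.example ESMTP"], []
    sender, rcpts, body, in_data = None, [], [], False
    for line in client_lines:
        if in_data:
            if line == ".":                       # end of DATA: last point to refuse
                in_data = False
                reason = scan("\n".join(body))
                if reason:                        # refused: nothing queued, no bounce owed
                    replies.append("550 5.7.1 " + reason)
                else:                             # accepted: delivery is now our job
                    queue.append((sender, list(rcpts), "\n".join(body)))
                    replies.append("250 2.0.0 queued")
                sender, rcpts, body = None, [], []
            else:                                 # undo dot-stuffing (RFC 5321, 4.5.2)
                body.append(line[1:] if line.startswith(".") else line)
            continue
        verb = line.upper()
        if verb.startswith(("HELO", "EHLO")):
            replies.append("250 mx.example")
        elif verb.startswith("MAIL FROM:"):
            sender, rcpts = line[10:].strip(), []
            replies.append("250 2.1.0 ok")
        elif verb.startswith("RCPT TO:") and sender is not None:
            rcpts.append(line[8:].strip())
            replies.append("250 2.1.5 ok")
        elif verb == "DATA" and rcpts:
            in_data = True
            replies.append("354 end data with <CR><LF>.<CR><LF>")
        elif verb == "QUIT":
            replies.append("221 2.0.0 bye")
            break
        else:
            replies.append("503 5.5.1 bad sequence of commands")
    return replies, queue

# Constructed sample session (not taken from any real log).
SAMPLE = ["EHLO client.example", "MAIL FROM:<a@client.example>",
          "RCPT TO:<b@mx.example>", "DATA", "Subject: hi",
          "X-Sample-Spam: yes", "", "body text", ".", "QUIT"]
```
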
