Re: Which Spam Block List to use for a network?

[Matej Kovac <matej@pobox.sk>]

On Wed, Jun 23, 2004 at 07:33:52PM -0400, Blu wrote:
> On Wed, Jun 23, 2004 at 09:01:24PM +1000, Russell Coker wrote:
> > On Wed, 23 Jun 2004 18:23, Blu <blu@daga.cl> wrote:
> > > Well yes. Maybe I oversimplified. What I do is a callback to the MX of
> > > the envelope sender to see if it accepts mail to him/her. If not, the
> > > mail is rejected with an explicative 550.
> > 
> > You aren't the only one who does that.  I have found one other person who does 
> > that and who happens to have their mail server in an address range that's 
> > black-listed.  So when I sent mail to them their mail server made a call-back 
> > to mine, my server rejected that and their mail server then generated a 55x 
> > code that tried to summarise the code from mine.  Then my mail server took 
> > that and made it into a bounce message.
> 
> Of course I am not the first one doing this. In fact Exim4 has buitin
> capability to do so.
> 
> > The resulting message was something that I could not decipher even though I 
> > have 10 years of experience running Internet mail servers!  All I could do 
> > was post a message to a mailing list I knew the person was subscribed to and 
> > inform them that their server was borked in some unknown way.
> 
> :) Well, my approach is not that fancy. I just check if the callback
> passes the RCPT, and if not, issue a 550 with a short message telling
> that my host will not accept mail that cannot be answered.

you are receiving a message and you start callback to the mx if he passes
the rcpt test, but - the mx starts callback to you if you pass...

don't do this, this is a finger^H^H^H^H^H^H^Hn rcpt-war. and what is curious
is... what if yahoo would do rcpt checks and I forge some yahoo email? you would
try to rcpt-check yahoo? and they'd too... and I have put you in war with yahoo.

-- 
matej kovac
matej@pobox.sk