Posted to server-dev@james.apache.org by Anthony Buckton <an...@blackink.net.au> on 2002/04/18 18:39:27 UTC

Immediate 550 responses to illegal sends

Hi Guys,

A week or two ago, I downloaded James and started getting into things - including this list, so I apologise if I am covering old ground.

Over the last few days I have been getting hammered by a pseudo-yahoo user sending thousands of emails to other @yahoo.com users.
My strategy was to black-hole the emails, yet they still keep coming and my shiny new DSL link is becoming choked as this guy steps up his operations.

I would like to respond to the guy to inform him that his efforts are now fruitless, but the sender's address is a fake, all I have is his IP and that doesn't respond to incoming connections :(

On checking how others do this, the recommendation was to respond with a "550" message during the SMTP connection to let the sender know that their mail is rejected - whilst they are connected - preferably as a response to his RCPT command - before the DATA starts racking up the byte counters at my ISP. The current Mailet checking and processing architecture doesn't allow this.

I have been working through the code (I'm checking out Eclipse which shows promise) and have come up with the following suggestion:

i) config.xml: Incorporates a tag in the <smtpserver> section, I've named <LocalRelated> which is a boolean and is responsible for setting a "localRelated" boolean in the SMTPHandler object.


ii) The following code would be executed:

if(localRelated)
{
    // The sender may be null for the null reverse-path (MAIL FROM:<>)
    MailAddress senderAddress = (MailAddress)state.get(SENDER);
    boolean senderHostIsLocal = senderAddress != null
        && mailServer.isLocalServer(senderAddress.getHost());
    boolean senderUserIsLocal = senderAddress != null
        && mailServer.isLocalUser(senderAddress.getUser());
    boolean rcptHostIsLocal
        = mailServer.isLocalServer(recipientAddress.getHost());
    boolean rcptUserIsLocal
        = mailServer.isLocalUser(recipientAddress.getUser());

    // Reject with 550 unless the sender or the recipient is a local
    // user at a local host
    if(!((senderHostIsLocal && senderUserIsLocal) ||
          (rcptHostIsLocal && rcptUserIsLocal))) {
        out.println("550 Cannot forward to that address");
        getLogger().error("Sender " + senderAddress
            + " attempted to relay to " + recipientAddress);
        return;
    }
}
 
(This code would be inserted into doRCPT() method of the SMTPHandler object, most likely AFTER the AUTH checking code.)

iv) The method "public boolean isLocalUser(String name)" would need to be inserted into the MailServer interface to make the method found in James object accessible by the SMTPHandler.

I realise that this may not meet all of the needs of all of the users - but it could be the start of some useful "fast spam stopping" tools.

Anthony


--
To unsubscribe, e-mail:   <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>


Re: Immediate 550 responses to illegal sends

Posted by Harmeet Bedi <ha...@kodemuse.com>.
----- Original Message -----
From: "Anthony Buckton" <an...@blackink.net.au>
> I would like to respond to the guy to inform him that his efforts are now
> fruitless, but the sender's address is a fake, all I have is his IP and that
> doesn't respond to incoming connections :(

Would it be easier to block the IP address at the firewall level or some
other network level before it gets to your mail server?

Harmeet




Re: Immediate 550 responses to illegal sends

Posted by Serge Knystautas <se...@lokitech.com>.
Anthony,

Others have asked for some kind of quick-rejection, but the problem is 
the layout you suggested is rather specific to your installation.  I 
personally would want local network SMTP to be always accepted as well 
as something for a local account, plus whoever authenticated with SMTP 
AUTH.  Someone else may just be gatewaying to another server and only 
want incoming mail for recipients and doesn't care who the sender is.

I don't believe it's feasible or practical to create predefined blocks 
that match various installations, so the front-running idea was to allow 
matchers to run during the multiple SMTP stages...after HELO, after MAIL 
FROM, after RCPT TO, and after DATA.  If you could add a few matchers in 
each spot, we could offer many more customization possibilities for the 
James admin.

However, as you can imagine, this quickly becomes complicated and may be 
too much for what could be accomplished more simply elsewhere, like 
already said for your case, just blocking the remote IP address at the 
firewall level is probably the better approach.
-- 
Serge Knystautas
Loki Technologies - Unstoppable Websites
http://www.lokitech.com/



RE: Immediate 550 responses to illegal sends

Posted by Danny Angus <da...@thought.co.uk>.
> On checking how others do this, the recommendation was to respond
> with a "550" message during the SMTP connection to let the sender
> know that their mail is rejected -

James doesn't do this at the moment, but there are plans to make it do it.
You should also be aware that 550 allows spammers to harvest valid addresses
from your server.

d.
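
An added example, not code from any poster in this thread or from the James project: a stand-alone RCPT-stage check that applies the accept rules listed above (local network, SMTP AUTH, or a recipient in a locally handled domain) and refuses anything else with 550 before DATA. The class name, the prefix-based network test and the sample addresses are assumptions. The decision never looks at the user part of the recipient, so the 550 reply does not tell a remote sender which local mailboxes exist; it assumes unknown local users are dealt with after the message is accepted.

```java
import java.util.Locale;
import java.util.Set;
// Added illustration. RcptPolicy and its members are hypothetical names,
// not part of the James code base.
public class RcptPolicy {
    private final Set<String> localDomains; // domains this server accepts mail for
    private final String trustedPrefix;     // textual prefix of the local network

    public RcptPolicy(Set<String> localDomains, String trustedPrefix) {
        this.localDomains = localDomains;
        this.trustedPrefix = trustedPrefix;
    }

    /** Returns the SMTP reply line to send for one RCPT TO command. */
    public String onRcpt(String clientIp, boolean authenticated, String recipient) {
        int at = recipient.lastIndexOf('@');
        if (at <= 0 || at == recipient.length() - 1) {
            return "501 Syntax error in recipient address";
        }
        String domain = recipient.substring(at + 1).toLowerCase(Locale.ROOT);
        // Accept rules from the thread: local network, SMTP AUTH, or mail
        // addressed to a domain this server handles.
        boolean trustedClient = authenticated || clientIp.startsWith(trustedPrefix);
        boolean localDomain = localDomains.contains(domain);
        if (trustedClient || localDomain) {
            // The user part is deliberately not consulted here, so the reply
            // is the same for existing and non-existing local mailboxes.
            return "250 Recipient accepted";
        }
        // Untrusted client, foreign domain: a relay attempt. Refusing it
        // before DATA reveals nothing about local accounts.
        return "550 Relaying denied";
    }

    public static void main(String[] args) {
        // Constructed sample input using documentation addresses.
        RcptPolicy policy = new RcptPolicy(Set.of("example.org"), "192.168.1.");
        String[][] cases = {
            {"203.0.113.9", "false", "victim@example.net"},  // outside relay attempt
            {"203.0.113.9", "false", "alice@example.org"},   // inbound, mailbox exists
            {"203.0.113.9", "false", "nobody@example.org"},  // inbound, no such mailbox
            {"203.0.113.9", "true",  "friend@example.net"},  // authenticated user
            {"192.168.1.20", "false", "friend@example.net"}, // local network client
        };
        for (String[] c : cases) {
            System.out.println(c[2] + " -> " + policy.onRcpt(c[0], Boolean.parseBoolean(c[1]), c[2]));
        }
    }
}
```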




RE: Immediate 550 responses to illegal sends

Posted by Danny Angus <da...@thought.co.uk>.
Please don't cross post messages.
We are volunteers, if you don't get a reply it doesn't mean that no-one has
read your message.
Developers hang out on the users list, and I'm sure users lurk on the
developers list.

d.

> -----Original Message-----
> From: Anthony Buckton [mailto:anthony@blackink.net.au]
> Sent: 18 April 2002 17:39
> To: James Developers List; James Developers List
> Subject: Immediate 550 responses to illegal sends