Re: Breaking up the Bot army - we need a plan

[ha...@t-online.de]

so what is wrong with a MTA that
- checks helo and just takes a note
- accepts smtp auth, if provided (and erases bad notes from the helo in that case)
- accepts an optional second helo after the auth and discards it
- accepts mail from and rcpt to
... and at the first rcpt to issues a 5xx if the dialogue so far does not meet expectations,
e.g. a non-auth transaction must go to one of the domains on that server,
and any transaction mentioning one of the local domains in helo or mail from must be
authenticated, and the mail from domain must exist

I recall ebay mails got rejected when I first started this, and according to a recent discussion
job monsters would also reject .... I hope enough admins rejecting that stuff would help to
educate these sites

Wolfgang Hamann


Robert LeBlanc wrote:
>> Matthias Keller wrote:
>> 
>> > And just closing port 25 outgoing wont help for long as spammers just
>> > switch to submission port
>> 
>> Yes, but the point of using a submission port to segregate the traffic
>> channels is not to obfuscate things for spammers, it's to allow a mail
>> administrator to apply different acceptance criteria to the different
>> channels.  Connections arriving on port 25 can be assumed to come from
>> servers with MX records, so that becomes a testable assumption and a
>> precondition for connection.  Connections arriving on the submission
>> port can be assumed to come from clients, and those users presumably
>> have local accounts they can authenticate with using SMTP auth.
>> Spammers who simply redirect their traffic to the submission port won't
>> get anywhere without also being able to defeat the SMTP auth component.
>>