Re: spam SW, EMS/RFMS
- Date: Fri, 20 Mar 1998 10:41:32 +0100 (MET)
Sigh...
Unfortunately you cannot block <> since there are a lot of mailing-lists
that use that as a "from"-address...
( apart from other reasons.. )
> Some time ago a new "player" seems to have entered the spam program
> market; it is usually referred to as
>
> "Express Mail Server" (EMS)
> "Rapid Fire Mail Server" (RFMS)
>
> Example:
>
> >Return-Path: <>
> >Received: from 166.55.38.53
> > (usr13-dialup53.mix1.WillowSprings.mci.net [166.55.38.53])
> > by chalmers.se (8.8.8/8.8.8) with SMTP id KAA15532
> > for FOO@localhost;
> > Fri, 6 Mar 1998 10:12:52 +0100 (MET)
> >Date: Fri, 6 Mar 1998 10:12:52 +0100 (MET)
> >Message-Id: <199803060912.KAA15532@localhost
> >From:
> >To:
> >Subject: Now you can easily have a mail server in your home.
>
> MX(arch.chalmers.se) = idefix.arch.chalmers.se/0, chalmers.se/100
>
> EMS/RFMS seems to have two "interesting" features:
>
> 1) "MAIL From: <>"; i.e. there is no real From that can take
> legal action due to fraud etc. Smart.
>
> 2) It makes use of MX hosts that have higher cost than the best
> one. At first this could seem like it just legitimately uses
> MX-records, but the increase in traffic and bounces through
> the host we run, chalmers.se; secondary MX for *.chalmers.se,
> tells us this is not by chance; this is done deliberately.
>
> In fact it's a clever way to prevent IP.src filtering at the
> destination hosts - if they refuse chalmers.se [129.16.1.1]
> then our entire MX-record system breaks down. Smart.
>
Why use secondary MX?
The sending MTA will keep the mail in any case until 1'MX is up...
( please comment on my opinion!! )
/Uffe
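
An added example, not part of the original thread or of any tool it mentions: because `<>` alone cannot be refused, a receiving host can instead score it together with the other traits visible in the quoted headers (empty From/To, a bare IP address as the HELO name). The sample messages, signal names and threshold below are constructed assumptions.

```python
import re
from email import message_from_string

# Constructed sample, modelled on the headers quoted in the thread.
SPAM = """\
Return-Path: <>
Received: from 166.55.38.53
\t(usr13-dialup53.mix1.WillowSprings.mci.net [166.55.38.53])
\tby chalmers.se (8.8.8/8.8.8) with SMTP id KAA15532
\tfor FOO@localhost;
\tFri, 6 Mar 1998 10:12:52 +0100 (MET)
From:
To:
Subject: Now you can easily have a mail server in your home.

body
"""

# Constructed sample: a legitimate message that also uses the null sender.
LEGIT = """\
Return-Path: <>
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby chalmers.se with SMTP; Fri, 6 Mar 1998 10:12:52 +0100 (MET)
From: Mail Delivery Subsystem <MAILER-DAEMON@example.org>
To: FOO@localhost
Subject: Returned mail: User unknown

body
"""

# "Received: from <dotted quad>" means the client gave no host name in HELO.
BARE_IP_HELO = re.compile(r"^from\s+\[?\d{1,3}(\.\d{1,3}){3}\]?\s", re.I)

def signals(raw):
    """Return the suspicious traits that accompany a null envelope sender."""
    msg = message_from_string(raw)
    if msg.get("Return-Path", "").strip() != "<>":
        return []                      # only null-sender mail is scored here
    found = []
    if not msg.get("From", "").strip():
        found.append("null-sender-without-From")
    if not msg.get("To", "").strip():
        found.append("empty-To")
    hops = msg.get_all("Received", [])
    # hops[0] is the most recent hop; unfold it before matching.
    if hops and BARE_IP_HELO.match(" ".join(hops[0].split()) + " "):
        found.append("helo-is-bare-ip")
    return found

def verdict(raw, threshold=2):
    """'suspect' only when several traits coincide; '<>' alone is accepted."""
    return "suspect" if len(signals(raw)) >= threshold else "accept"
```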