[TAG] Re: lg-translators
Rick Moen
rick at linuxmafia.com
Tue Apr 6 02:33:05 MSD 2004
Quoting Ben Okopnik (ben at callahans.org):
> Rick's solution seems pretty tight for the moment, and it's a source of
> frustration to me that I can't use it. I may have to ask him to grant me
> shelter via an email account on his server at some point. :)
Well, Thomas gets mail here already, and you're welcome if/when you want
an account. Just be warned that local administration often follows the
hallowed school of Benign Neglect. (The cobbler's children go barefoot,
and all that. Paid work comes first, and sometimes all I want to see is
a good book, when I come home.)
One thing spammers are at some pains to avoid is traceability (and thus
accountability). Thus, Round One in the effort to clear up the spam
mess was eliminating open relay MTAs through a slow process of LARTing
offending sysadmins using blackhole lists, etc. Now, we've shut those
down, but still have mail being pumped out from compromised MS-Windows
"zombie" boxes, etc., with spoofed sender and Return-path (envelope)
headers.
Taking the next step in cleaning up mail may become a little painful (as
was eliminating open relays): For example, I just tightened up my
header checks a little further, but then found that my MTA at
linuxmafia.com suddenly rejected all test e-mails I sent from my laptop
("cthulhu") at a client site. It wasn't immediately obvious why. I had
the following (eliding my client's company name):

Envelope-To: rick at linuxmafia.com
Received: from adsl-12-345-678-90.dsl.pltn13.blahblah.net ([12.345.678.90]
+helo=cthulhu)
    by www.example.com with esmtp (TLS-1.0:RSA_ARCFOUR_SHA:16) (Exim 4.30)
    id 1BAaJr-0001sE-Ne
    for rick.moen at example.com; Mon, 05 Apr 2004 13:03:43 -0700
Received: from rick by cthulhu with local (Exim 4.30) id 1B9s1j-0000Dq-QE
    for rick.moen at example.com; Sat, 03 Apr 2004 12:46:03 -0800
Date: Sat, 3 Apr 2004 12:46:03 -0800
From: Rick Moen <rick.moen at example.com>
To: rick at linuxmafia.com

My MTA at linuxmafia.com claimed to be rejecting the mail because sender
"rick at example.com" could not be verified during the callouts. My
initial assumption was that this was an example.com MTA problem -- that
it was somewhere asserting my sender address to be "rick" rather than
the correct "rick.moen".
Upon close examination, the problem turned out to be my _laptop's_ MTA
configuration: That MTA was putting "Return-path: rick at example.com" as
the SMTP _envelope_ header on outbound mail. I was clueless about this
because I normally just SSH to the sending MTA box, and so never dealt
with the need to adjust the Return-path header.
One does that via an entry in the system's /etc/email-addresses table,
if using Exim4:

# This is /etc/email-addresses. It is part of the exim package
#
# This file contains email addresses to use for outgoing mail. Any local
# part not in here will be qualified by the system domain as normal.
#
# It should contain lines of the form:
#
#user: someone at isp.com
#otheruser: someoneelse at anotherisp.com
rick: rick.moen at example.com

Anyhow, my more-general point is that -- as always -- things are going
to break as people tighten up authentication and security. It's going
to get worse before it gets better. People who do forwarding, people
sending from vanity domains, people with no valid reverse DNS, and so on
are likely to have problems in the short term.
--
Cheers,                No trees were destroyed in the sending of this message.
Rick Moen              We do concede, though, that a large number of electrons
rick at linuxmafia.com were terribly inconvenienced.
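
Added example (not part of the message above, and not Exim code): a simplified Python model of the diagnosis described there, showing how an /etc/email-addresses-style table changes the envelope sender and whether that address would survive a sender callout. The function names, the known_mailboxes set (a stand-in for the remote server's answer to the callout) and the sample data are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def parse_email_addresses(text):
    """Parse 'localuser: address' lines; '#' comments and blanks are skipped."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        user, sep, addr = line.partition(":")
        if sep and user.strip() and addr.strip():
            table[user.strip()] = addr.strip()
    return table

def envelope_sender(local_user, table, qualify_domain):
    """Table entry if present, else the local part qualified by the system domain."""
    return table.get(local_user, f"{local_user}@{qualify_domain}").lower()

def check_outbound(raw_message, local_user, table, qualify_domain, known_mailboxes):
    """Return (envelope_sender, from_address, problems) for one outbound message.

    known_mailboxes stands in for what a sender callout would learn from the
    sender domain's mail server (assumption: no network access in this model).
    """
    from_addr = parseaddr(message_from_string(raw_message)["From"])[1].lower()
    env = envelope_sender(local_user, table, qualify_domain)
    problems = []
    if env != from_addr:
        problems.append("envelope sender differs from From: header")
    if env not in known_mailboxes:
        problems.append("envelope sender is not a deliverable mailbox; callout would fail")
    return env, from_addr, problems

# Constructed sample data modelled on the message above.
SAMPLE_MESSAGE = "From: Rick Moen <rick.moen@example.com>\nTo: rick@linuxmafia.com\n\ntest\n"
KNOWN_MAILBOXES = {"rick.moen@example.com"}
TABLE_BEFORE = "#user: someone@isp.com\n"
TABLE_AFTER = TABLE_BEFORE + "rick: rick.moen@example.com\n"

if __name__ == "__main__":
    for label, text in (("before", TABLE_BEFORE), ("after", TABLE_AFTER)):
        env, frm, problems = check_outbound(
            SAMPLE_MESSAGE, "rick", parse_email_addresses(text),
            "example.com", KNOWN_MAILBOXES)
        print(label, env, frm, problems or "ok")
```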