
Re: [suse-security] Email Spoofing



Uhh,

guess my English was too bad, or you did not
read my mail carefully.

Dana Hudes wrote:

> On Wed, 21 Jul 2004, Dirk Schreiner wrote:
>
>> SMTP (as the name says) is the transport layer for Mail communication,
>> and as UDP in the OSI-Layer 4, it is just DATAGRAM based and _not_ reliable!
>> (Hey, we should use SNMP to make UDP reliable. SCNR)
>
> SMTP most certainly does not use UDP. DNS does, but SMTP uses TCP port 25.
> Always has.

As a native SMTP speaker, I know it is using TCP.
I meant SMTP is transporting mail.
And SMTP does this like UDP transports data.
Packetwise, and not reliable.


> SMTP is Simple Mail Transport Protocol

I knew this. ;-)

> As for SPF. There IS an SPF which is a routing algorithm (not protocol).
> It uses the Dijkstra algorithm. SPF is used in OSPF and in IS-IS.
> Yes, OSPF uses UDP -- and has nothing particularly to do with e-mail.

Oh, yes, heard this at my Cisco certification. ;-)


> The SPF for e-mail however ... well, yeah, since it relies on DNS it can be said to use UDP. The reliability? Left to DNS (n.b. zone transfers in DNS may be done over TCP but that's not relevant here). I'm not arguing the impact or lack thereof of the SPF e-mail authentication initiative. I just need to make sure you are talking about the right issues for the right reasons.

Yes, I just used those as an example. I meant that SMTP is
working like a routing protocol (therefore often spoken of
as "Mail Routing"). It uses "Routers" (mail servers),
"Routing Tables" (MX records), "Gateways" (forwarders).
...


> One does not need SPF to prevent people sending you email with your own
> domain from elsewhere. That is accomplished with SASL. I haven't gotten
> around to setting up SASL myself because I don't get much spam -- or
> viruses -- with my own domain that gets past all the RBL (spamcop, sorbs,
> abuseat, among others) I have set up in Postfix.
> Mind, I do get some but an awful lot is blocked.

I prefer to mark Spam as Spam, and delete by hand.
(Never trust anything/body just talking 0 or 1)


> The far more controversial action is to block foreign (i.e. not under the same administrative authority) dynamic IP address ranges from talking to your mail server. This DOES break some people who have set up, on their NAT'd cable-modem-attached LAN, their own mail relay so they can see that the mail was in fact delivered. Worse yet, there are people on dialup who do the same thing. They then whine and complain that all IP addresses are created equal and there is no basis for discriminating.

I will never understand why anybody needs to block IP (Layer 3)
to prevent spammers. Spam is a problem on Layer 5.



> If ISPs blocked the use of external mail relays and forced you to go through their relay if you are on a dynamic IP address range, this wouldn't be a problem. But if you do that, these users whine and complain.

I guess you do not do business traveling.

6:30 At Home Checking E-Mail.
9:00 Location 1 Checking E-Mail.
12:00 Customers Network Checking E-Mail.
16:00 Railway-Station Wlan Checking E-Mail
19:00 Hotel, Checking E-Mail.
And sometimes:
22:00 Bar-Wlan Checking E-Mail.

Just a normal Day.
6 Times configuring different SMTP Server.

Think about this.


> Still, for every 1 message that's legitimate from a dynamic IP address I get a thousand viruses and spams.

You should not put your E-Mail Address in any Web-Formula.
Use temporary E-Mail Addresses for such usage.
;-))


> Here and there I lose legit email from losers whose DNS is inconsistent:
> they have a forward entry which resolves to an IP address which reverse resolves to a DIFFERENT hostname which does not have a forward entry.
> I've got Postfix configured, per RFC 2055, to drop such e-mail.
> Have yet to convince any of these clowns' network team that they have a problem.

I agree, I hate such configuration problems too.


> I will name names upon request.


No, no, don't do so. ;-))


Dirk
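The forward/reverse DNS consistency check discussed in the quoted text above (a forward entry whose address reverse-resolves to a different hostname that has no forward entry), as an added example that is not part of the original mail and is not Postfix's own code. All hostnames, addresses and function names are constructed for illustration; the in-memory tables stand in for DNS so the check runs offline.

```python
import ipaddress
import socket

# Constructed sample data (documentation names and addresses), standing in
# for real DNS so the example runs offline.
FORWARD = {                      # hostname -> A records
    "mail.example.org": ["192.0.2.10"],
    "mx.example.net": ["198.51.100.7"],
}
REVERSE = {                      # address -> PTR names
    "192.0.2.10": ["mail.example.org"],
    "198.51.100.7": ["host7.dyn.example.net"],   # this name has no A record
}

def table_resolver(forward, reverse):
    """Return (ptr_lookup, addr_lookup) backed by in-memory tables."""
    return (lambda ip: reverse.get(ip, []),
            lambda name: forward.get(name.rstrip(".").lower(), []))

def system_resolver():
    """Same pair of lookups, backed by the host's resolver (needs network)."""
    def ptr_lookup(ip):
        try:
            name, aliases, _ = socket.gethostbyaddr(ip)
            return [name, *aliases]
        except OSError:          # herror/gaierror are OSError subclasses
            return []
    def addr_lookup(name):
        try:
            return sorted({ai[4][0] for ai in socket.getaddrinfo(name, None)})
        except OSError:
            return []
    return ptr_lookup, addr_lookup

def same_ip(a, b):
    """Compare addresses by value, so differing IPv6 spellings still match."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def fcrdns(client_ip, ptr_lookup, addr_lookup):
    """Return (verdict, name): 'ok', 'mismatch' or 'no-ptr'."""
    names = ptr_lookup(client_ip)
    if not names:
        return ("no-ptr", None)
    for name in names:
        if any(same_ip(client_ip, a) for a in addr_lookup(name)):
            return ("ok", name)
    return ("mismatch", names[0])
```

Passing `*system_resolver()` instead of the table resolver runs the same check against live DNS; a "mismatch" or "no-ptr" verdict is the condition under which a mail server configured this way would refuse the client.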
















