From: Bob Beck <beck <at> openbsd.org>
Subject: spamd greylisters, please test this. subtle but important change
Newsgroups: gmane.os.openbsd.tech
Date: 2006-11-22 16:48:50 GMT
	Hey gang, 

	Traditionally, spamd when greylisting has always given a temporary
failure immediately after the RCPT TO command. This made sense as we
want to give our supposedly not-a-bad-guy client the notice to retry as early
as possible in the session, to avoid wasting his and our resources. Note
that when blacklisting we do receive the entire message body and
only 450 at the end, in order to waste the blacklisted host's time.

	Someone brought the idiotic practices at Verizon to my attention.
Verizon attempts to do a "sender verify" by sending a bogus message
to every envelope from address and stopping the conversation after the
RCPT.  They do this because everyone long ago turned off SMTP VRFY.
However, they're kind of a bunch of RFC-ignorant knobs because they
don't believe the temporary failure after the RCPT is temporary, they
treat it as permanent, and reject the inbound mail. 

	Now, just dealing with Verizon's stupidity alone might not
be enough to make me change this, however, spammers also do this trick
to verify sender addresses, and here's the rub, while Verizon is
doing this out of stupidity, spammers may be doing it to clean their
lists - as someone who makes good use of greytrapping, I don't want
spammers to have clean lists. I want them to have dirty as hell lists
with every knuckle dragging mouth breather that ever fogged up a
monitor here on their lists.

	So, what's this diff do? It changes slightly the behaviour of spamd
when greylisting. Instead of giving the 451 Temporary failure
immediately after the RCPT, we proceed through to the DATA command and
451 after that point. (We still do not receive the body, and nor will
I make that change, given that would mean I would then receive the message body
on roughly a million SMTP messages a day here rather than 150,000 :)
This subtle behaviour change means, in my opinion, two good things:

	1) Verizon's idiotic check will succeed on any of your
outbound mail to verizon, and it will succeed for any user, rendering
it useless to them, but allowing mail through from your domain to Verizon.

	2) Spammers using this tactic (the response from an RCPT) to clean
mail lists will see all addresses as valid when greylisted. 

Current greylisting behaviour:
220 spamd1.srv.ualberta.ca ESMTP spamd IP-based SPAM blocker; Wed Nov 22 09:40:02 2006
HELO bofh.ucs.ualberta.ca
250 Hello, spam sender. Pleased to be wasting your time.
MAIL FROM:<spammer <at> spammesilly.com>
250 You are about to try to deliver spam. Your time will be spent, for nothing.
RCPT TO:<beck <at> bofh.ucs.ualberta.ca>
451 Temporary failure, please try again later.

Greylisting behaviour with diff:
220 spamd1.srv.ualberta.ca ESMTP spamd IP-based SPAM blocker; Wed Nov 22 09:42:12 2006
HELO bofh.ucs.ualberta.ca
250 Hello, spam sender. Pleased to be wasting your time.
MAIL FROM:<spammer <at> spammesilly.com>
250 You are about to try to deliver spam. Your time will be spent, for nothing.
RCPT TO:<beck <at> bofh.ucs.ualberta.ca>
250 This is hurting you more than it is hurting me.
DATA
451 Temporary failure, please try again later.

	If you greylist, please test this and report back to me.

	Thanks

	-Bob

Index: spamd.c
===================================================================
RCS file: /cvs/src/libexec/spamd/spamd.c,v
retrieving revision 1.84
diff -u -r1.84 spamd.c
--- spamd.c	29 Oct 2006 22:06:28 -0000	1.84
+++ spamd.c	22 Nov 2006 16:02:21 -0000
@@ -753,9 +753,6 @@
 					fprintf(grey, "IP:%s\nFR:%s\nTO:%s\n",
 					    cp->addr, cp->mail, cp->rcpt);
 					fflush(grey);
-					cp->laststate = cp->state;
-					cp->state = 98;
-					goto done;
 				}
 			}
 			break;
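Review bot: with the three removed lines gone, nothing in this block says the greylisted client is still going to be refused, so after fflush(grey) it now reads as log-and-accept. Add a short comment here stating that the 451 is deferred to the later reply handling, and consider checking the results of fprintf(grey, ...) and fflush(grey), since writing the tuple is now the only effect of this branch.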
@@ -792,6 +789,11 @@
 		cp->op = cp->obuf;
 		cp->ol = strlen(cp->op);
 		cp->w = t + cp->stutter;
+		if (greylist && cp->blacklists == NULL) {
+			cp->laststate = cp->state;
+			cp->state = 98;
+			goto done;
+		}
 		break;
 	case 60:
 		/* sent 354 blah */
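Review bot: the new greylist check runs only after cp->op, cp->ol and cp->w have been set up, and it carries no comment explaining why the jump to state 98 now lives in this case. Please add a comment that this defers the temporary failure until after DATA, confirm that the reply queued in cp->obuf just above is the one meant to go out before state 98 takes over, and give 98 a named constant, since the literal is opaque at this distance from where the grey tuple is written. The condition cp->blacklists == NULL should also match whatever guard encloses the fprintf(grey, ...) call in the first hunk, which is not visible here.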
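For anyone taking up the request to test, this added example (not part of the original message or of spamd) walks HELO/MAIL/RCPT/DATA against your own greylisting host and reports which command drew the 4xx. The host argument, the example.org/example.net names and the timeout are placeholder assumptions; the two sample sessions reuse the reply codes quoted in the message.

```python
import smtplib
import sys

# Reply codes copied from the two sessions quoted in the message above.
OLD_SESSION = [("CONNECT", 220), ("HELO", 250), ("MAIL", 250), ("RCPT", 451)]
NEW_SESSION = [("CONNECT", 220), ("HELO", 250), ("MAIL", 250),
               ("RCPT", 250), ("DATA", 451)]


def tempfail_stage(replies):
    """Return the verb that drew the first 4xx reply, or None if there was none."""
    for verb, code in replies:
        if 400 <= code <= 499:
            return verb
    return None


def rcpt_looks_valid(replies):
    """True if a client that stops after RCPT would have seen a 2xx for it."""
    return any(verb == "RCPT" and 200 <= code <= 299 for verb, code in replies)


def probe(host, port=25, helo="probe.example.org",
          sender="postmaster@example.org", rcpt="postmaster@example.net",
          timeout=60):
    """Issue HELO, MAIL, RCPT, DATA and stop at the first reply that is not 2xx.

    No message body is ever sent. All names and addresses are placeholders;
    the generous timeout allows for spamd's deliberately slow replies.
    """
    smtp = smtplib.SMTP(timeout=timeout)
    replies = []
    try:
        replies.append(("CONNECT", smtp.connect(host, port)[0]))
        steps = (("HELO", lambda: smtp.helo(helo)),
                 ("MAIL", lambda: smtp.mail(sender)),
                 ("RCPT", lambda: smtp.rcpt(rcpt)),
                 ("DATA", lambda: smtp.docmd("DATA")))
        for verb, send in steps:
            if not 200 <= replies[-1][1] <= 299:
                break
            replies.append((verb, send()[0]))
    finally:
        smtp.close()
    return replies


if __name__ == "__main__" and len(sys.argv) > 1:
    seen = probe(sys.argv[1])
    print(seen, "-> 4xx at", tempfail_stage(seen),
          "| RCPT accepted:", rcpt_looks_valid(seen))
```

Run it from an address that is neither whitelisted nor blacklisted on the target, otherwise the greylisting path is not exercised.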