Rick Moen
2008-10-26 18:31:20 UTC
I've been aware for a long time that being an anti-spam person can lead
one eventually to be a trigger-happy nut: Regardless of whether Sullivan
is correct about proper uses of the null sender "<>", he is not correct
about (quoted) mail originating at "From: ***@sorbs.net", a
non-deliverable sender -- and _that_ is the main, characteristic sin of
CGI script developers whose scripts generate outgoing mail.
You'll note Sullivan's statement that SORBS also considers MTA Q}callbacks /
callouts an "abusing DDoS tool" regardless and how implemented (e.g., my
system that caches and reuses callout test results), and blocklists the
hosts that use it. Oh well, so be it: Can't make everyone happy.
(linuxmafia.com is not currently blocklisted by anyone. I was just
trying to sign up at the SORBS Web site so I could check SORBS
reporting.)
----- Forwarded message from "SORBS Support (Matthew Sullivan)" <***@support.sorbs.net> -----
From: "SORBS Support (Matthew Sullivan)" <***@support.sorbs.net>
Reply-To: ***@support.sorbs.net
To: ***@linuxmafia.com
Date: Sun, 26 Oct 2008 08:40:03 +1100
Subject: [sorbs.net #212641] [Webform] SORBS registration systems sends RFC-ignorant mail
The NULL sender (<>) is used for where there is no expected or desired
response. It is not just for DSNs it's also used for mailing list sign
ups where the mail administrator wishes to avoid mailing loops.
have been proven to be) an abusing DDoS tool.
the original message.
Regards,
M
(The programmer of the script)
----- End forwarded message -----
one eventually to be a trigger-happy nut: Regardless of whether Sullivan
is correct about proper uses of the null sender "<>", he is not correct
about (quoted) mail originating at "From: ***@sorbs.net", a
non-deliverable sender -- and _that_ is the main, characteristic sin of
CGI script developers whose scripts generate outgoing mail.
You'll note Sullivan's statement that SORBS also considers MTA Q}callbacks /
callouts an "abusing DDoS tool" regardless and how implemented (e.g., my
system that caches and reuses callout test results), and blocklists the
hosts that use it. Oh well, so be it: Can't make everyone happy.
(linuxmafia.com is not currently blocklisted by anyone. I was just
trying to sign up at the SORBS Web site so I could check SORBS
reporting.)
----- Forwarded message from "SORBS Support (Matthew Sullivan)" <***@support.sorbs.net> -----
From: "SORBS Support (Matthew Sullivan)" <***@support.sorbs.net>
Reply-To: ***@support.sorbs.net
To: ***@linuxmafia.com
Date: Sun, 26 Oct 2008 08:40:03 +1100
Subject: [sorbs.net #212641] [Webform] SORBS registration systems sends RFC-ignorant mail
Gentlemen, I just tried to register user "rickmoen", and duly
submitted the required Web form. Your system then attempted to
send mail with information required to complete registration to my
2008-10-09 12:28:56 1Ko1Br-0007vM-H6 H=anaconda.sorbs.net
[203.15.51.135]:50554
I=[198.144.195.186]:25 F=<> rejected after DATA: Sender callback
verification fa
iled for header From: sender SORBS Registration Server
e is no valid sender in any header line
Envelope-from: <>
P Received: from anaconda.sorbs.net ([203.15.51.135]:50554)
by linuxmafia.com with esmtp (Exim 4.61 #1 (EximConfig
2.0))
id 1Ko1Br-0007vM-H6
P Received: from registration.stealth.sorbs.net (spamhaus.kd1.tisf.net
[64.124.5
2.228])
by anaconda.sorbs.net (Postfix) with ESMTP id C10DE2E072
(EST)
Subject: Registration Confirmation
X-Originating-IP: 64.186.171.234
X-Sent-Via: 64.186.171.234
Date: Fri, 10 Oct 2008 05:28:46 +1000 (EST)
X-Virus-Scanned: ClamAV 0.92/8399/Thu Oct 9 22:27:14 2008 on
anaconda.sorbs.n
et
X-Virus-Status: Clean
Fellahs, if you're going to write a script to send mail, the least you
should do is make it originate that mail from a valid address, and
not from the null sender. The null sender is fine for DSNs, but
not for anything else. Basically, your programmer got lazy. You
basically any theoretically deliverable, valid address.
Try reading the RFCs you might understand them.submitted the required Web form. Your system then attempted to
send mail with information required to complete registration to my
2008-10-09 12:28:56 1Ko1Br-0007vM-H6 H=anaconda.sorbs.net
[203.15.51.135]:50554
I=[198.144.195.186]:25 F=<> rejected after DATA: Sender callback
verification fa
iled for header From: sender SORBS Registration Server
e is no valid sender in any header line
Envelope-from: <>
P Received: from anaconda.sorbs.net ([203.15.51.135]:50554)
by linuxmafia.com with esmtp (Exim 4.61 #1 (EximConfig
2.0))
id 1Ko1Br-0007vM-H6
P Received: from registration.stealth.sorbs.net (spamhaus.kd1.tisf.net
[64.124.5
2.228])
by anaconda.sorbs.net (Postfix) with ESMTP id C10DE2E072
(EST)
Subject: Registration Confirmation
X-Originating-IP: 64.186.171.234
X-Sent-Via: 64.186.171.234
Date: Fri, 10 Oct 2008 05:28:46 +1000 (EST)
X-Virus-Scanned: ClamAV 0.92/8399/Thu Oct 9 22:27:14 2008 on
anaconda.sorbs.n
et
X-Virus-Status: Clean
Fellahs, if you're going to write a script to send mail, the least you
should do is make it originate that mail from a valid address, and
not from the null sender. The null sender is fine for DSNs, but
not for anything else. Basically, your programmer got lazy. You
basically any theoretically deliverable, valid address.
The NULL sender (<>) is used for where there is no expected or desired
response. It is not just for DSNs it's also used for mailing list sign
ups where the mail administrator wishes to avoid mailing loops.
Worse, having now whitelisted your domain and thus exempted it from
callbacks, there appears to be no way to convince your registration
system to re-send the confirmation mail: Attempting to get it to
do that fails silently.
Callbacks will result in blocking from the SORBS servers, they are (andcallbacks, there appears to be no way to convince your registration
system to re-send the confirmation mail: Attempting to get it to
do that fails silently.
have been proven to be) an abusing DDoS tool.
I'd still like to register user "rickmoen", by the way. Any chance of
doing that, or do I have to invent a second username just to deal
with your broken mail script?
The system will automatically send an email reminder within 7 days ofdoing that, or do I have to invent a second username just to deal
with your broken mail script?
the original message.
Regards,
M
(The programmer of the script)
----- End forwarded message -----