Folks, This list has been inactive for a long time and now serves only to relay some additional spam to me. I'm going to shut it down. d/ -- -- Dave Crocker Brandenburg InternetWorking bbiw.net
Mr. Levine was kind enough to provide the Qmail patch source for me to adapt to Postfix. After digging through the source for several hours, I narrowed down the likely places to implement it. My guess is the trivial-rewrite and smtpd programs. However, I also realized that it would take a great deal of time for me to pull all the pieces together. I don't know the insides of Postfix that well. This research was funded by a client and I informed him that one of Postfix developers could do it much faster and at less expense. So, it is on hold for now. If my client pursues this further, I will notify the list. Best Regards, Keith __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
In article <20060525131510.22679.qmail <at> web32907.mail.mud.yahoo.com> you write:
>John,
>
>Thanks for the reply. Can you please send me the code
>for the Qmail patch?
Here you go. Good luck.
R's,
John
diff -C3 netqmail-1.05-dist/netqmail-1.05/qmail-remote.c netqmail-1.05/netqmail-1.05/qmail-remote.c
*** netqmail-1.05-dist/netqmail-1.05/qmail-remote.c Mon Jun 15 06:53:16 1998
--- netqmail-1.05/netqmail-1.05/qmail-remote.c Fri Jan 6 12:24:47 2006
***************
*** 48,53 ****
--- 48,74 ----
+ #ifdef BATV
+ #define BATVLEN 3 /* number of bytes */
+ #include <openssl/md5.h>
+ stralloc signkey = {0};
+ stralloc nosign = {0};
+ struct constmap mapnosign;
+ stralloc nosigndoms = {0};
+ struct constmap mapnosigndoms;
+ #endif
+
void out(s) char *s; { if (substdio_puts(subfdoutsmall,s) == -1) _exit(0); }
void zero() { if (substdio_put(subfdoutsmall,"\0",1) == -1) _exit(0); }
(Continue reading)
I am been asked to research adding BATV to a high traffic Postfix server. I have read the paper, searched the archives and spent some time googling without finding someone who has done BATV on Postfix. If anyone has done it, or can point me to some reference info, it would be greatly appreciated. I am still trying to wrap my head around the munged envelope MAIL FROM and how I would check that on bounces (or spam blowback) on the way back in. Best Regards, Keith __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Folks, New version of draft-levine-mass-batv. The major change is to the syntax, to make it more robust against the vagaries of mailing list software. As a reminder, note that BATV has the unusual characteristic of providing benefit to each site that implements it, without having to interact with (depend on) If you are developing BATV or are using it, please let me know, so I can add a reference about deployment. d/ -- -- Dave Crocker Brandenburg InternetWorking <http://bbiw.net>
I have installed CSV ingress filtering at JLC.net. I'm actually rejecting outright very little except forged "HELO mailhost.jlc.net"... But I use CSV "authorized and authenticated" to bypass other filtering, including the SORBS spamtrap list. I guess I shouldn't be surprised that groups.yahoo.com regularly sends to SORBS spamtraps. :^( They are, after all, barely distinguishable from spammers in the protections they take against sending unsolicited email. Nonetheless, I have customers who like receiving Yahoo Groups email. I'm wondering if anyone knows folks who could convince Yahoo Groups to publish CSV SRV records? -- John Leslie <john <at> jlc.net> ----- Forwarded message from <obscured <at> jlc.net> ----- I can't seem to get email associated with yahoo groups that I belong to. I get the following error message: We are unable to deliver the message from <obscured <at> jlc.net> to <obscured <at> yahoogroups.com>. Your email account has been bouncing mails. This means that emails sent to your account over several days have been returned to us. This is sometimes because mail boxes are filled up, or because of configuration problems. To reset your Yahoo! Groups account, please go to(Continue reading)
I have integrated my Python CSV module into a Sendmail milter, and tested a
few simple cases.
Still need more testing:
CSV records which generate an ambiguous result (anything other than 'pass'
or 'fail').
Any other edge cases.
CSV authentication headers. Since these are not defined, I just made
something up. Suggestions are welcome.
Not yet implemented:
Hunting for CSV records at any level up from the full hostname.
Next Steps:
Additional authentication protocols - SPF, DKIM, etc.
Set up an email forwarding service, and get some experience using the
milter on real mailflows.
Build the database of authentication records.
Tool to build lists of IP blocks from SPF records, WHOIS records, etc.
Web interface for senders to register and declare their IP blocks.
Tool to scan the logs and build a reputation database.
If you would like to test the milter, send an email to
csvtest <at> box67.com. The milter will attempt to authenticate your heloname
using CSV, and return the email with authentication headers
prepended. I'll explain the details of these headers if anyone is interested.
--
Dave
************************************************************ *
(Continue reading)>> Something's wrong with your methodology. There are thousands of CSV >> records on my DNS server alone. > >wow. hadn't thought it had that much traction. who are the folks >supporting it? Nobody I know of, so I don't see the point in counting records. I stuck in CSV records for domains on my servers, including a few wildcards which a naive tester would count as anywhere from one record to billions, in case anyone wants to use them for testing. R's, John
The FAQ, <http://mipassoc.org/csv/csv-faq.htm>, has the following: * Q: What does that look like in "bind" format? * A: I advertise the DNS SRV as: mailhost IN A <MTA IP address> IN PTR _vouch._smtp.csv_vouch _client._smtp.host.example.com SRV 1 2 0 host.example.com Shouldn't the last line be, _client._smtp.mailhost.example.com. SRV 1 2 0 mailhost.example.com. in order to match the A and PTR record of mailhost? Another question about the FAQ: For the question "What will that software now do?", it is mentioned that a DNA and CSA query are done in parallel. However, how can the DNA be done unless the accreditation service is already known? If the server is going to use what the client published (a highly questionable practice), the server would first have to do a _vouch._smtp lookup first before doing an accreditation lookup. I'm wondering of there is really any value for an SMTP client to publish vouch records. In accreditation, the server cannot trust anything provided by the client, therefore, the server should already have a predefined set of accreditation services it will query, regardless what an SMTP client may claim. The Security Considerations section of CSV-DNA should discuss this.(Continue reading)
Asking for clarification: When authenticating the EHLO domain, is only a SRV query done or does the SMTP server first do an A lookup on the domain name to see if the resulting IP address matches the connection IP address? It appears that the text implies that the SRV record will contain the appropriate A record for the domain name (in the additional data section), so an explicit A lookup is not needed (unless the SRV query result fails to provide the necessary A record). --ewh
 |
|
|
|
|
|
|
| Mon | Tue | Wed | Thu | Fri | Sat | Sun |
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 7 | 8 | 9 | 10 | 11 | 12 | 13 |
| 14 | 15 | 16 | 17 | 18 | 19 | 20 |
| 21 | 22 | 23 | 24 | 25 | 26 | 27 |
| 28 | 29 | 30 | 31 |
RSS Feed1 | |
|---|---|
5 | |
3 | |
4 | |
4 | |
4 | |
7 | |
24 | |
33 |